Vulnerability Summary for the Week of November 5, 2012
Released
Nov 12, 2012
Document ID
SB12-317
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- adobe_air | Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280. | 2012-11-07 | 10.0 | CVE-2012-5274 |
| adobe -- adobe_air | Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280. | 2012-11-07 | 10.0 | CVE-2012-5275 |
| adobe -- adobe_air | Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280. | 2012-11-07 | 10.0 | CVE-2012-5276 |
| adobe -- adobe_air | Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280. | 2012-11-07 | 10.0 | CVE-2012-5277 |
| adobe -- adobe_air | Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | 2012-11-07 | 10.0 | CVE-2012-5278 |
| adobe -- adobe_air | Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2012-11-07 | 10.0 | CVE-2012-5279 |
| adobe -- adobe_air | Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277. | 2012-11-07 | 10.0 | CVE-2012-5280 |
| google -- chrome | Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitigate improper write behavior in graphics drivers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger "wild writes." | 2012-11-07 | 7.5 | CVE-2012-5115 |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters. | 2012-11-07 | 7.5 | CVE-2012-5116 |
| google -- chrome | Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors. | 2012-11-07 | 7.5 | CVE-2012-5117 |
| google -- chrome | Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2012-11-07 | 7.5 | CVE-2012-5118 |
| google -- chrome | Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to an array. | 2012-11-07 | 7.5 | CVE-2012-5120 |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout. | 2012-11-07 | 7.5 | CVE-2012-5121 |
| google -- chrome | Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2012-11-07 | 7.5 | CVE-2012-5122 |
| google -- chrome | Google Chrome before 23.0.1271.64 does not properly handle textures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2012-11-07 | 7.5 | CVE-2012-5124 |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs. | 2012-11-07 | 7.5 | CVE-2012-5125 |
| google -- chrome | Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders. | 2012-11-07 | 7.5 | CVE-2012-5126 |
| google -- chrome | Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image. | 2012-11-07 | 7.5 | CVE-2012-5127 |
| google -- chrome | Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2012-11-07 | 7.5 | CVE-2012-5128 |
| hp -- performance_insight | Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270. | 2012-11-07 | 7.5 | CVE-2012-3269 |
| hp -- performance_insight | Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269. | 2012-11-07 | 10.0 | CVE-2012-3270 |
| morbus_iff -- activism | The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact. | 2012-11-02 | 7.5 | CVE-2012-4498 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| abraham_williams -- twitteroauth | TwitterOAuth does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-06 | 5.8 | CVE-2011-5243 |
| acra -- acra_library | The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5812 |
| akunamachata -- paypal_express_module | The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5795 |
| amazon -- merchant_sdk | The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5780 |
| amazon -- elastic_load_balancing_api_tools | Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default JDK X509TrustManager. | 2012-11-04 | 5.8 | CVE-2012-5781 |
| amazon -- flexible_payments_service | Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to misinterpretation of a certain "true" value. | 2012-11-04 | 5.8 | CVE-2012-5782 |
| amazon -- flexible_payments_service | Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5783 |
| amazon -- ec2_api_tools_java_library | Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5817 |
| aol -- aim | AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5816 |
| apache -- libcloud | Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. | 2012-11-04 | 5.8 | CVE-2012-3446 |
| apache -- activemq | Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5784 |
| apache -- axis2 | Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5785 |
| apache -- cxf | The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5786 |
| apple -- safari | Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. | 2012-11-03 | 5.1 | CVE-2012-3748 |
| apple -- iphone_os | The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app. | 2012-11-03 | 5.0 | CVE-2012-3749 |
| be-graph -- bezip | Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file. | 2012-11-08 | 5.0 | CVE-2012-5171 |
| boombatower -- subuser | Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors. | 2012-11-02 | 6.8 | CVE-2012-4486 |
| boombatower -- subuser | The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created. | 2012-11-02 | 4.0 | CVE-2012-4487 |
| breezy -- breezy | The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5811 |
| brian_burton -- paypal_pro_payflow_module | The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5797 |
| cisco -- secure_access_control_server | Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. | 2012-11-07 | 5.0 | CVE-2012-5424 |
| civicrm -- civicrm | CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-06 | 5.8 | CVE-2011-5239 |
| cybersource_module_project -- cybersource | The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5804 |
| elephantdrive -- elephantdrive | ElephantDrive does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5818 |
| emorym -- andrpoid_pusher | The Android_Pusher library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5813 |
| filesanywhere -- filesanywhere | FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5819 |
| firstdata -- linkpoint | The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5808 |
| github -- gaug.es | Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5814 |
| google -- checkout-php | google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-06 | 5.8 | CVE-2011-5238 |
| google -- chrome | Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers. | 2012-11-07 | 6.8 | CVE-2012-5119 |
| google -- chrome | Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2012-11-07 | 5.0 | CVE-2012-5123 |
| google -- admob | The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5820 |
| groupon -- groupon_merchants | The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5809 |
| harald_ponce_de_leon -- authorize.net | The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5793 |
| ibm -- tivoli_federated_identity_manager | The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request. | 2012-11-08 | 5.0 | CVE-2012-3315 |
| irata -- authorize.net_module | The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5803 |
| irfanview -- flashpix_plugin | Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image. | 2012-11-02 | 6.8 | CVE-2012-0025 |
| jpmorganchase -- chase_mobile | The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default X509TrustManager. | 2012-11-04 | 5.8 | CVE-2012-5810 |
| lincolnloop -- authorize.net_echeck_module | The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5807 |
| lynx -- lynx | Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function. | 2012-11-04 | 5.8 | CVE-2012-5821 |
| magentocommerce -- magento | Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-06 | 5.8 | CVE-2011-5240 |
| moneris -- eselect_plus | Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-06 | 5.8 | CVE-2011-5236 |
| moneybookers -- moneybookers | The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5794 |
| mosp -- kintai_kanri | MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors. | 2012-11-08 | 4.0 | CVE-2012-4020 |
| mosp -- kintai_kanri | MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors. | 2012-11-08 | 5.5 | CVE-2012-4021 |
| mozilla -- zamboni | The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python urllib2 library. | 2012-11-04 | 5.8 | CVE-2012-5822 |
| opensourceclassifieds -- opensourceclassifieds | Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | 2012-11-04 | 5.8 | CVE-2012-5823 |
| oscommerce -- oscommerce | The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5792 |
| oscommerce -- oscommerce | The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5796 |
| oscommerce -- oscommerce | The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5798 |
| paypal -- wps_toolkit | PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-06 | 5.8 | CVE-2011-5237 |
| paypal -- merchant_sdk | The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5787 |
| paypal -- ipn | The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | 2012-11-04 | 5.8 | CVE-2012-5788 |
| paypal -- payments_standard | PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to intentional disabling of certificate-validation checks through a "FALSE" value. | 2012-11-04 | 5.8 | CVE-2012-5789 |
| paypal -- payments_standard | PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to misinterpretation of a certain TRUE value. | 2012-11-04 | 5.8 | CVE-2012-5790 |
| paypal -- invoicing | PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5791 |
| paypal -- paypal | The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5802 |
| paypal -- instant_payment_notification | The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2012-5806. | 2012-11-04 | 5.8 | CVE-2012-5805 |
| paypal -- payments_pro | The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805. | 2012-11-04 | 5.8 | CVE-2012-5806 |
| php_group -- services_twitter | Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-06 | 5.8 | CVE-2011-5241 |
| prestashop -- prestashop | The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | 2012-11-04 | 5.8 | CVE-2012-5799 |
| prestashop -- ebay | The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5800 |
| prestashop -- ebay | The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | 2012-11-04 | 5.8 | CVE-2012-5801 |
| rackspace_hosting -- rackspace | The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-04 | 5.8 | CVE-2012-5815 |
| realnetworks -- realplayer | Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long pathnames by the Watch Folders feature. | 2012-11-04 | 6.8 | CVE-2012-4987 |
| simon_brown -- pebble | Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment. | 2012-11-08 | 6.4 | CVE-2012-4022 |
| simon_brown -- pebble | CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 2012-11-08 | 4.3 | CVE-2012-4023 |
| simon_brown -- pebble | Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2012-11-04 | 5.8 | CVE-2012-5170 |
| themattharris -- tmhoauth | tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2012-11-06 | 5.8 | CVE-2011-5242 |
| trillian -- trillian | Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831. | 2012-11-04 | 5.8 | CVE-2012-5824 |
| tweepy -- tweepy | Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library. | 2012-11-04 | 5.8 | CVE-2012-5825 |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- iphone_os | The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. | 2012-11-03 | 3.6 | CVE-2012-3750 |
| devsaran -- elegant_theme | Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL. | 2012-11-02 | 2.1 | CVE-2012-4497 |
| roy_baxter -- better_revisions | Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors. | 2012-11-02 | 2.1 | CVE-2012-4493 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.