Explore CVEs related to Input Validation vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing Input Validation CVEs published in 2012. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2012-5789 | PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to intentional disabling of certificate-validation checks through a "FALSE" value. | 5.8 | 0.57% | 2012-11-04 | 2026-06-16 |
| CVE-2012-5788 | The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | 5.8 | 0.57% | 2012-11-04 | 2026-06-16 |
| CVE-2012-5787 | The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 | 0.91% | 2012-11-04 | 2026-06-16 |
| CVE-2012-5786 | The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. NOTE: The vendor states that the sample had specifically used a flag to bypass the DN check | 5.8 | 1.08% | 2012-11-04 | 2026-06-16 |
| CVE-2012-5785 | Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 | 2.21% | 2012-11-04 | 2026-06-16 |
| CVE-2012-5784 | Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 | 5.72% | 2012-11-04 | 2026-06-16 |
| CVE-2012-5782 | Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to misinterpretation of a certain "true" value. | 5.8 | 0.57% | 2012-11-04 | 2026-06-16 |
| CVE-2012-5781 | Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default JDK X509TrustManager. | 5.8 | 0.73% | 2012-11-04 | 2026-06-16 |
| CVE-2012-5780 | The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 | 0.57% | 2012-11-04 | 2026-06-16 |
| CVE-2012-5170 | Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 | 1.31% | 2012-11-04 | 2026-06-16 |
| CVE-2012-3026 | rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021. | 10.0 | 5.01% | 2012-11-01 | 2026-06-16 |
| CVE-2012-3021 | rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026. | 10.0 | 5.01% | 2012-11-01 | 2026-06-16 |
| CVE-2012-3010 | rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026. | 10.0 | 5.01% | 2012-11-01 | 2026-06-16 |
| CVE-2012-4544 | The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. | 2.1 | 0.42% | 2012-10-31 | 2026-06-16 |
| CVE-2012-4489 | Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. | 5.8 | 1.48% | 2012-10-31 | 2026-06-16 |
| CVE-2012-4482 | The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors. | 5.0 | 1.32% | 2012-10-31 | 2026-06-16 |
| CVE-2012-2625 | The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image. | 2.7 | 0.92% | 2012-10-31 | 2026-06-16 |
| CVE-2012-4176 | Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors. | 10.0 | 7.32% | 2012-10-23 | 2026-06-16 |
| CVE-2012-4435 | fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address. | 4.0 | 2.33% | 2012-10-22 | 2026-06-16 |
| CVE-2012-2972 | The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service crash) via a crafted request. | 5.0 | 3.47% | 2012-10-20 | 2026-06-16 |