Suman Jana

**Name of the Vulnerable Software and Affected Versions** wolfSSL CyaSSL versions prior to 2.9.4 **Description** The issue is related to the improper validation of X.509 certificates with unknown critical extensions. This allows man-in-the-middle attackers to spoof servers via crafted X.509 certificates. **Recommendations** For versions prior to 2.9.4, update to version 2.9.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Cordova versions 3.3.0 and earlier Adobe PhoneGap versions 2.9.0 and earlier **Description** The issue allows remote attackers to bypass intended device-resource restrictions of an event-based bridge. This is achieved via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an `OnJsPrompt` handler return value as an alternative to correct synchronization. **Recommendations** For Apache Cordova versions 3.3.0 and earlier, consider restricting access to the event-based bridge until a fix is available. For Adobe PhoneGap versions 2.9.0 and earlier, avoid using the `OnJsPrompt` handler in the affected library clone until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Libcloud versions prior to 0.11.1 **Description** The issue arises from an incorrect regular expression used during the verification process of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. **Recommendations** For versions prior to 0.11.1, update to version 0.11.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of SSL connections to trusted servers until the update is applied.