Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-13 | CVE-2020-1887 | Improper Certificate Validation vulnerability in Linuxfoundation Osquery Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. | 9.1 |
| 2020-03-10 | CVE-2012-1096 | Improper Certificate Validation vulnerability in multiple products NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | 5.5 |
| 2020-03-09 | CVE-2020-8987 | Improper Certificate Validation vulnerability in Avast Antitrack and AVG Antitrack Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. | 7.4 |
| 2020-03-04 | CVE-2020-3155 | Improper Certificate Validation vulnerability in Cisco products A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. | 7.4 |
| 2020-02-27 | CVE-2020-9434 | Improper Certificate Validation vulnerability in Lua-Openssl Project Lua-Openssl 0.7.71 openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | 9.1 |
| 2020-02-27 | CVE-2020-9433 | Improper Certificate Validation vulnerability in Lua-Openssl Project Lua-Openssl 0.7.71 openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | 9.1 |
| 2020-02-27 | CVE-2020-9432 | Improper Certificate Validation vulnerability in Lua-Openssl Project Lua-Openssl 0.7.71 openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | 9.1 |
| 2020-02-27 | CVE-2020-7043 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. | 9.1 |
| 2020-02-27 | CVE-2020-7041 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. | 5.3 |
| 2020-02-19 | CVE-2020-7942 | Improper Certificate Validation vulnerability in Puppet and Puppet Agent Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. | 6.5 |