Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-16 | CVE-2019-10091 | Improper Certificate Validation vulnerability in Apache Geode 1.9.0 When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. | 4.0 |
| 2020-03-13 | CVE-2020-1887 | Improper Certificate Validation vulnerability in Linuxfoundation Osquery Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. | 5.8 |
| 2020-03-10 | CVE-2012-1096 | Improper Certificate Validation vulnerability in multiple products NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | 4.9 |
| 2020-03-09 | CVE-2020-8987 | Improper Certificate Validation vulnerability in Avast Antitrack and AVG Antitrack Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. | 5.8 |
| 2020-03-04 | CVE-2020-3155 | Improper Certificate Validation vulnerability in Cisco products A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. | 5.8 |
| 2020-02-27 | CVE-2020-9434 | Improper Certificate Validation vulnerability in Lua-Openssl Project Lua-Openssl 0.7.71 openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | 6.4 |
| 2020-02-27 | CVE-2020-9433 | Improper Certificate Validation vulnerability in Lua-Openssl Project Lua-Openssl 0.7.71 openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | 6.4 |
| 2020-02-27 | CVE-2020-9432 | Improper Certificate Validation vulnerability in Lua-Openssl Project Lua-Openssl 0.7.71 openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | 6.4 |
| 2020-02-27 | CVE-2020-7043 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. | 9.1 |
| 2020-02-27 | CVE-2020-7041 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. | 5.3 |