Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-14 | CVE-2019-20455 | Improper Certificate Validation vulnerability in Globalpayments PHP SDK Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations. | 5.9 |
| 2020-02-07 | CVE-2019-15604 | Improper Certificate Validation vulnerability in multiple products Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | 7.5 |
| 2020-01-31 | CVE-2020-7956 | Improper Certificate Validation vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. | 9.8 |
| 2020-01-31 | CVE-2020-5526 | Improper Certificate Validation vulnerability in Fujixerox Apeosware Management Suite 2.0.0/2.0.5/2.0.8 The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
| 2020-01-30 | CVE-2020-7904 | Improper Certificate Validation vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. | 7.4 |
| 2020-01-28 | CVE-2014-3230 | Improper Certificate Validation vulnerability in Lwp::Protocol::Https Project Lwp::Protocol::Https 6.04/6.06 The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable. | 5.9 |
| 2020-01-28 | CVE-2020-5523 | Improper Certificate Validation vulnerability in multiple products Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. network high complexity nttdata ashikagabank sihd-bk shikokubank tohoku-bank naganobank 77bank hokkaidobank hokugin CWE-295 | 7.4 |
| 2020-01-27 | CVE-2015-0294 | Improper Certificate Validation vulnerability in multiple products GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | 7.5 |
| 2020-01-27 | CVE-2006-7246 | Improper Certificate Validation vulnerability in multiple products NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | 6.8 |
| 2020-01-27 | CVE-2020-5522 | Improper Certificate Validation vulnerability in Fujixerox Easy Netprint 2.0.3 The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 7.4 |