Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-15 | CVE-2012-1316 | Improper Certificate Validation vulnerability in Cisco Ironport web Security Appliance Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks | 5.9 |
| 2020-01-14 | CVE-2020-0601 | Improper Certificate Validation vulnerability in multiple products A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | 8.1 |
| 2020-01-02 | CVE-2014-0161 | Improper Certificate Validation vulnerability in Ovirt-Engine-Sdk-Python Project Ovirt-Engine-Sdk-Python ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. | 5.9 |
| 2020-01-02 | CVE-2014-0104 | Improper Certificate Validation vulnerability in Clusterlabs Fence-Agents In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates. | 5.9 |
| 2019-12-30 | CVE-2013-0264 | Improper Certificate Validation vulnerability in Redhat MRG Management Console R5310 An import error was introduced in Cumin in the code refactoring in r5310. | 7.5 |
| 2019-12-26 | CVE-2019-6032 | Improper Certificate Validation vulnerability in NTV News 24 The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 7.4 |
| 2019-12-23 | CVE-2019-6687 | Improper Certificate Validation vulnerability in F5 Big-Ip Application Security Manager On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. | 7.4 |
| 2019-12-17 | CVE-2019-16561 | Improper Certificate Validation vulnerability in Jenkins Websphere Deployer Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. | 7.1 |
| 2019-12-17 | CVE-2019-16558 | Improper Certificate Validation vulnerability in Jenkins Spira Importer 3.2.2/3.2.3 Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | 8.2 |
| 2019-12-16 | CVE-2018-11751 | Improper Certificate Validation vulnerability in Puppet Server Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. | 5.4 |