Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2019-07-15 CVE-2019-1006 Improper Certificate Validation vulnerability in Microsoft products
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
network
low complexity
microsoft CWE-295
7.5
2019-07-12 CVE-2019-11242 Improper Certificate Validation vulnerability in Cohesity Dataplatform
A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c.
network
high complexity
cohesity CWE-295
8.1
2019-07-09 CVE-2019-9148 Improper Certificate Validation vulnerability in Mailvelope
Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification.
network
low complexity
mailvelope CWE-295
4.3
2019-07-05 CVE-2019-5961 Improper Certificate Validation vulnerability in Mastodon-Tootdon Tootdon for Mastodon 3.4.1
The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
mastodon-tootdon CWE-295
7.4
2019-07-04 CVE-2019-1886 Improper Certificate Validation vulnerability in Cisco Asyncos and web Security Appliance
A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-295
8.6
2019-06-29 CVE-2019-13050 Improper Certificate Validation vulnerability in multiple products
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network.
7.5
2019-06-25 CVE-2019-4150 Improper Certificate Validation vulnerability in IBM Security Access Manager
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
network
high complexity
ibm CWE-295
3.7
2019-06-24 CVE-2017-17945 Improper Certificate Validation vulnerability in Asus Hivivo and Vivobaby
The ASUS HiVivo application before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
network
low complexity
asus CWE-295
critical
9.1
2019-06-20 CVE-2017-17944 Improper Certificate Validation vulnerability in Asus Hivivo and Vivobaby
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
network
low complexity
asus CWE-295
critical
9.1
2019-06-16 CVE-2019-12855 Improper Certificate Validation vulnerability in Twistedmatrix Twisted
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
network
high complexity
twistedmatrix CWE-295
7.4