Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2018-01-09 CVE-2017-1000415 Improper Certificate Validation vulnerability in Matrixssl 3.7.2
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process, resulting in some certificates having their expiration (beginning) year extended (delayed) by 100 years.
network
high complexity
matrixssl CWE-295
5.9
2018-01-08 CVE-2015-2320 Improper Certificate Validation vulnerability in multiple products
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
network
low complexity
mono-project debian CWE-295
critical
9.8
2018-01-08 CVE-2015-2319 Improper Certificate Validation vulnerability in Mono-Project Mono
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
network
low complexity
mono-project CWE-295
7.5
2018-01-08 CVE-2015-2318 Improper Certificate Validation vulnerability in multiple products
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.
network
high complexity
mono-project debian CWE-295
8.1
2018-01-08 CVE-2014-3607 Improper Certificate Validation vulnerability in Ldaptive and Vt-Ldap
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network
high complexity
ldaptive CWE-295
5.9
2017-12-21 CVE-2015-4100 Improper Certificate Validation vulnerability in Puppet Enterprise
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
network
high complexity
puppet CWE-295
6.8
2017-12-17 CVE-2017-17718 Improper Certificate Validation vulnerability in Net-Ldap Project Net-Ldap
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
network
high complexity
net-ldap-project CWE-295
5.9
2017-12-17 CVE-2017-17716 Improper Certificate Validation vulnerability in Gitlab 9.4.0/9.4.1
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement.
network
high complexity
gitlab CWE-295
5.9
2017-12-16 CVE-2017-3190 Improper Certificate Validation vulnerability in AXS Flash Seats
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
high complexity
axs CWE-295
7.5
2017-12-11 CVE-2014-3250 Improper Certificate Validation vulnerability in multiple products
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
network
low complexity
puppet redhat CWE-295
6.5