Vulnerabilities > Improper Certificate Validation
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-12-05 | CVE-2016-1252 | Improper Certificate Validation vulnerability in multiple products | The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures. | 5.9 |
2017-11-27 | CVE-2017-15114 | Improper Certificate Validation vulnerability in Redhat Openstack Platform 12.0 | When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. | 8.1 |
2017-11-22 | CVE-2017-8213 | Improper Certificate Validation vulnerability in Huawei Smc2.0 Firmware | Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handling TLS and DTLS handshakes with certificates. | 5.3 |
2017-11-22 | CVE-2017-15528 | Improper Certificate Validation vulnerability in Norton Install Norton Security | Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target. | 3.7 |
2017-11-17 | CVE-2017-1000209 | Improper Certificate Validation vulnerability in Nv-Websocket-Client Project Nv-Websocket-Client | The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate. | 5.9 |
2017-11-15 | CVE-2014-2845 | Improper Certificate Validation vulnerability in Cyberduck | Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. | 5.9 |
2017-11-15 | CVE-2017-11770 | Improper Certificate Validation vulnerability in Microsoft Aspnetcore 1.0/1.1/2.0 | .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. | 7.5 |
2017-11-10 | CVE-2017-9758 | Improper Certificate Validation vulnerability in Savitech-Ic Savitech Driver | Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion." | 7.4 |
2017-11-07 | CVE-2017-2913 | Improper Certificate Validation vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 | An exploitable vulnerability exists in the filtering functionality of Circle with Disney. | 5.9 |
2017-10-31 | CVE-2017-1000256 | Improper Certificate Validation vulnerability in multiple products | libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | 8.1 |