Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2017-11-15 CVE-2017-11770 Improper Certificate Validation vulnerability in Microsoft Aspnetcore 1.0/1.1/2.0
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data.
network
low complexity
microsoft CWE-295
5.0
2017-11-10 CVE-2017-9758 Improper Certificate Validation vulnerability in Savitech-Ic Savitech Driver
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."
5.8
2017-11-07 CVE-2017-2913 Improper Certificate Validation vulnerability in Meetcircle Circle With Disney Firmware 2.0.1
An exploitable vulnerability exists in the filtering functionality of Circle with Disney.
network
high complexity
meetcircle CWE-295
2.6
2017-10-31 CVE-2017-1000256 Improper Certificate Validation vulnerability in multiple products
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
network
high complexity
redhat debian CWE-295
8.1
2017-10-23 CVE-2017-7080 Improper Certificate Validation vulnerability in Apple products
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-295
5.0
2017-10-20 CVE-2017-6144 Improper Certificate Validation vulnerability in F5 Big-Ip Policy Enforcement Manager 12.1.0/12.1.1/12.1.2
In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified.
network
f5 CWE-295
5.8
2017-10-18 CVE-2014-7242 Improper Certificate Validation vulnerability in Ms-Ins Sumaho and Sumaho Driving Capability Diagnosis
The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates.
network
ms-ins CWE-295
4.3
2017-10-18 CVE-2014-3706 Improper Certificate Validation vulnerability in Redhat Enterprise MRG 3.0
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
network
redhat CWE-295
4.3
2017-10-13 CVE-2017-10620 Improper Certificate Validation vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49
Juniper Networks Junos OS on SRX series devices does not verify the HTTPS server certificate before downloading anti-virus updates.
network
juniper CWE-295
5.8
2017-10-12 CVE-2015-6358 Improper Certificate Validation vulnerability in Cisco products
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
network
cisco CWE-295
4.3