Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-25 | CVE-2015-5263 | Improper Certificate Validation vulnerability in Pulpproject Pulp pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | 6.8 |
| 2017-09-19 | CVE-2015-3420 | Improper Certificate Validation vulnerability in multiple products The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | 4.3 |
| 2017-09-18 | CVE-2016-10511 | Improper Certificate Validation vulnerability in Twitter 6.62/6.62.1 The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features. | 4.3 |
| 2017-09-15 | CVE-2017-2299 | Improper Certificate Validation vulnerability in Puppet Puppetlabs-Apache Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. | 5.0 |
| 2017-09-13 | CVE-2017-14420 | Improper Certificate Validation vulnerability in Dlink Dir-850L Firmware The D-Link NPAPI extension, as used on D-Link DIR-850L REV. | 5.9 |
| 2017-09-13 | CVE-2017-14419 | Improper Certificate Validation vulnerability in Dlink Dir-850L Firmware The D-Link NPAPI extension, as used on D-Link DIR-850L REV. | 5.9 |
| 2017-09-06 | CVE-2015-2943 | Improper Certificate Validation vulnerability in Honda Moto Linc 1.6.1 Honda Moto LINC 1.6.1 does not verify SSL certificates. | 4.3 |
| 2017-08-28 | CVE-2017-6594 | Improper Certificate Validation vulnerability in multiple products The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. | 5.0 |
| 2017-08-28 | CVE-2015-0210 | Improper Certificate Validation vulnerability in W1.Fi WPA Supplicant 2.016 wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | 4.3 |
| 2017-08-25 | CVE-2015-4017 | Improper Certificate Validation vulnerability in Saltstack Salt 2014.7.5 Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | 7.5 |