Vulnerabilities > Improper Certificate Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-17 | CVE-2018-5258 | Improper Certificate Validation vulnerability in Banconeon Neon 1.6.14: The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2018-01-12 | CVE-2015-2981 | Improper Certificate Validation vulnerability in Yodobashi 1.2.1.0: The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2018-01-10 | CVE-2018-0786 | Improper Certificate Validation vulnerability in Microsoft .Net Core, .Net Framework and Powershell Core: Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." | 7.5 |
2018-01-09 | CVE-2017-1000415 | Improper Certificate Validation vulnerability in Matrixssl 3.7.2: MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process, resulting in some certificates having their expiration (beginning) year extended (delayed) by 100 years. | 5.9 |
2018-01-08 | CVE-2015-2320 | Improper Certificate Validation vulnerability in multiple products: The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. | 9.8 |
2018-01-08 | CVE-2015-2319 | Improper Certificate Validation vulnerability in Mono-Project Mono: The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. | 7.5 |
2018-01-08 | CVE-2015-2318 | Improper Certificate Validation vulnerability in multiple products: The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | 8.1 |
2018-01-08 | CVE-2014-3607 | Improper Certificate Validation vulnerability in Ldaptive and Vt-Ldap: DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.9 |
2017-12-21 | CVE-2015-4100 | Improper Certificate Validation vulnerability in Puppet Enterprise: Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability." | 6.8 |
2017-12-17 | CVE-2017-17718 | Improper Certificate Validation vulnerability in Net-Ldap Project Net-Ldap: The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. | 5.9 |