Vulnerabilities > Improper Certificate Validation

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-04-27 | CVE-2017-8301 | Improper Certificate Validation vulnerability in Openbsd Libressl 2.5.1/2.5.2/2.5.3 | LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx. | network | high complexity | openbsd | CWE-295 | 5.3 |
| 2017-04-24 | CVE-2017-3563 | Improper Certificate Validation vulnerability in Oracle VM Virtualbox | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | local | low complexity | oracle | CWE-295 | 8.8 |
| 2017-04-24 | CVE-2016-5016 | Improper Certificate Validation vulnerability in Pivotal Software products | Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired. | network | high complexity | pivotal-software | CWE-295 | 5.9 |
| 2017-04-21 | CVE-2016-1519 | Improper Certificate Validation vulnerability in Grandstream Wave 1.0.1.26 | The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate. | network | high complexity | grandstream | CWE-295 | 5.9 |
| 2017-04-21 | CVE-2016-1221 | Improper Certificate Validation vulnerability in Jetstar 2.4.1 | Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | network | high complexity | jetstar | CWE-295 | 5.9 |
| 2017-04-21 | CVE-2016-1210 | Improper Certificate Validation vulnerability in the Hyakugo Bank 105 Bank 1.0/1.1 | The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | network | high complexity | the-hyakugo-bank | CWE-295 | 5.9 |
| 2017-04-21 | CVE-2016-1198 | Improper Certificate Validation vulnerability in NTT Photopt 1.0.0/1.1.0 | Photopt for Android before 2.0.1 does not verify SSL certificates. | network | high complexity | ntt | CWE-295 | 5.9 |
| 2017-04-21 | CVE-2016-1186 | Improper Certificate Validation vulnerability in Cybozu Kintone | Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | network | high complexity | cybozu | CWE-295 | 5.9 |
| 2017-04-21 | CVE-2016-4840 | Improper Certificate Validation vulnerability in Toshiba Coordinate Plus 1.0.2 | Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. | network | high complexity | toshiba | CWE-295 | 5.9 |
| 2017-04-21 | CVE-2016-4832 | Improper Certificate Validation vulnerability in Aeon Waon 1.4.1 | WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | network | high complexity | aeon | CWE-295 | 5.9 |