Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2015-7826 Improper Certificate Validation vulnerability in Botan Project Botan
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.
network
low complexity
botan-project CWE-295
7.5
2017-04-07 CVE-2017-2387 Improper Certificate Validation vulnerability in Apple Music 1.2.1
The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
2.9
2017-04-06 CVE-2017-7192 Improper Certificate Validation vulnerability in Starscream Project Starscream
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
network
low complexity
starscream-project CWE-295
5.0
2017-04-06 CVE-2017-5887 Improper Certificate Validation vulnerability in Starscream Project Starscream
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).
network
low complexity
starscream-project CWE-295
5.0
2017-04-05 CVE-2015-4680 Improper Certificate Validation vulnerability in multiple products
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
network
low complexity
freeradius suse CWE-295
5.0
2017-04-03 CVE-2013-7450 Improper Certificate Validation vulnerability in Pulpproject Pulp 2.2.11
Pulp before 2.3.0 uses the same certificate authority key and certificate for all installations.
network
low complexity
pulpproject CWE-295
5.0
2017-03-31 CVE-2016-9319 Improper Certificate Validation vulnerability in Trendmicro Mobile Security
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
4.3
2017-03-30 CVE-2017-7322 Improper Certificate Validation vulnerability in Modx Revolution
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate.
network
modx CWE-295
6.8
2017-03-17 CVE-2017-0129 Improper Certificate Validation vulnerability in Microsoft Lync for Mac 2011
Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability."
network
low complexity
microsoft CWE-295
5.0
2017-03-10 CVE-2015-2330 Improper Certificate Validation vulnerability in Webkitgtk
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.
network
low complexity
webkitgtk CWE-295
5.0