Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2017-04-06 CVE-2017-5887 Improper Certificate Validation vulnerability in Starscream Project Starscream
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).
network
low complexity
starscream-project CWE-295
7.5
2017-04-05 CVE-2015-4680 Improper Certificate Validation vulnerability in multiple products
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
network
low complexity
freeradius suse CWE-295
7.5
2017-04-03 CVE-2013-7450 Improper Certificate Validation vulnerability in Pulpproject Pulp 2.2.11
Pulp before 2.3.0 uses the same certificate authority key and certificate for all installations.
network
low complexity
pulpproject CWE-295
7.5
2017-03-31 CVE-2016-9319 Improper Certificate Validation vulnerability in Trendmicro Mobile Security 9.7
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
network
high complexity
trendmicro CWE-295
5.9
2017-03-30 CVE-2017-7322 Improper Certificate Validation vulnerability in Modx Revolution
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate.
network
high complexity
modx CWE-295
8.1
2017-03-17 CVE-2017-0129 Improper Certificate Validation vulnerability in Microsoft Lync for mac 2011
Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability."
network
low complexity
microsoft CWE-295
7.5
2017-03-10 CVE-2015-2330 Improper Certificate Validation vulnerability in Webkitgtk
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.
network
low complexity
webkitgtk CWE-295
7.5
2017-03-02 CVE-2016-9892 Improper Certificate Validation vulnerability in Eset Endpoint Antivirus and Endpoint Security
The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate.
network
high complexity
eset CWE-295
5.9
2017-02-20 CVE-2016-7662 Improper Certificate Validation vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-295
7.5
2017-01-30 CVE-2016-2402 Improper Certificate Validation vulnerability in Squareup Okhttp and Okhttp3
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
network
high complexity
squareup CWE-295
5.9