Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-03 | CVE-2013-7450 | Improper Certificate Validation vulnerability in Pulpproject Pulp 2.2.11 Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations. | 5.0 |
| 2017-03-31 | CVE-2016-9319 | Improper Certificate Validation vulnerability in Trendmicro Mobile Security There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | 4.3 |
| 2017-03-30 | CVE-2017-7322 | Improper Certificate Validation vulnerability in Modx Revolution The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate. | 6.8 |
| 2017-03-17 | CVE-2017-0129 | Improper Certificate Validation vulnerability in Microsoft Lync for mac 2011 Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability." | 5.0 |
| 2017-03-10 | CVE-2015-2330 | Improper Certificate Validation vulnerability in Webkitgtk Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. | 5.0 |
| 2017-03-02 | CVE-2016-9892 | Improper Certificate Validation vulnerability in Eset Endpoint Antivirus and Endpoint Security The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. | 4.3 |
| 2017-02-20 | CVE-2016-7662 | Improper Certificate Validation vulnerability in Apple Iphone OS, mac OS X and Watchos An issue was discovered in certain Apple products. | 5.0 |
| 2017-01-30 | CVE-2016-2402 | Improper Certificate Validation vulnerability in Squareup Okhttp and Okhttp3 OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate. | 5.9 |
| 2017-01-11 | CVE-2016-9015 | Improper Certificate Validation vulnerability in Python Urllib3 1.17/1.18 Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. | 2.6 |
| 2016-12-05 | CVE-2016-7171 | Improper Certificate Validation vulnerability in Netapp Plug-In NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | 6.8 |