Vulnerabilities > Improper Validation of Certificate with Host Mismatch
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-04 | CVE-2014-3603 | Improper Validation of Certificate with Host Mismatch vulnerability in Shibboleth Identity Provider and Opensaml Java The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.9 |
2018-08-30 | CVE-2018-10936 | Improper Validation of Certificate with Host Mismatch vulnerability in multiple products A weakness was found in postgresql-jdbc before version 42.2.5. | 8.1 |
2017-11-07 | CVE-2017-2912 | Improper Validation of Certificate with Host Mismatch vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. | 5.9 |
2017-11-07 | CVE-2017-2911 | Improper Validation of Certificate with Host Mismatch vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. | 5.9 |
2016-09-09 | CVE-2016-1280 | Improper Validation of Certificate with Host Mismatch vulnerability in Juniper Junos PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before 15.1X49-D20, 15.1X53 before 15.1X53-D60, and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled in Junos. | 6.5 |