Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-295

CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,400 vulnerabilities with CWE-295

CVE-2019-10382 MEDIUM

Jenkins VMware Lab Manager Slaves Plugin <= 0.2.8 - Improper Certificate Validation

CVE-2019-10381 HIGH

Jenkins Codefresh Integration Plugin < 1.8 - SSL/TLS and Hostname Verification Disabled

CVE-2019-3890 HIGH

evolution-ews < 3.31.3 - Improper Certificate Validation

CVE-2019-14334 MEDIUM

D-Link 6600-AP - Privilege Escalation

CVE-2019-7615 HIGH

Elastic APM agent for Ruby <2.9.0 - Info Disclosure

CVE-2019-1552 LOW

OpenSSL 1.0.2-1.0.2s - Improper Certificate Validation via OPENSSLDIR Configuration

CVE-2019-11727 MEDIUM

Firefox < 68.0 - Improper Certificate Validation via PKCS#1 v1.5 Signatures in TLS 1.3

CVE-2019-1010206 MEDIUM

OSS Http Request (Apache Cordova Plugin) 6 - SSL Spoofing

CVE-2019-1940 MEDIUM

Cisco Industrial Network Director < 1.7 - Unauthenticated Sensitive Data Exposure via Invalid X.509 Certificate

CVE-2019-1010275 CRITICAL

helm <2.7.2 - Improper Certificate Validation

CVE-2019-1006 HIGH

.NET Framework - Authentication Bypass via SAML Token Arbitrary Symmetric Key Signing

CVE-2019-11242 HIGH

Cohesity DataPlatform 5.x-6.x < 6.1.1c - Man-in-the-Middle via vCenter TLS Certificate Validation Bypass

CVE-2019-9148 MEDIUM

Mailvelope < 3.3.0 - Improper Certificate Validation

CVE-2019-5961 HIGH

Tootdon for Mastodon < 3.4.1 - Improper Certificate Validation

CVE-2019-1886 HIGH

Cisco AsyncOS 10.5-10.5.5-005 - Denial of Service via Malformed SSL Certificate

CVE-2019-13050 HIGH

GnuPG < 2.2.16 - Denial of Service via SKS Keyserver Certificate Spamming

CVE-2019-4150 LOW

IBM Security Access Manager 9.0.1-9.0.6 - Improper Certificate Validation

CVE-2019-12855 HIGH

Twisted < 19.2.1 - Improper Certificate Validation in XMPP TLS Connections

CVE-2019-3875 MEDIUM

Keycloak < 6.0.2 - Improper Certificate Validation in X.509 Authenticator

CVE-2019-10334 MEDIUM

Jenkins ElectricFlow < 1.1.5 - SSL/TLS and Hostname Verification Disabled via MultipartUtility.java

CVE-2019-12496 HIGH

Hybrid Group Gobot < 1.13.0 - Improper Certificate Validation in MQTT Subsystem

CVE-2019-4264 MEDIUM

IBM QRadar SIEM <7.2.8 - Info Disclosure

CVE-2019-12098 HIGH

Heimdal <7.6.0 - Privilege Escalation

CVE-2019-11550 MEDIUM

Citrix SD-WAN 10.2.x < 10.2.1 and NetScaler SD-WAN 10.0.x < 10.0.7 - Improper Certificate Validation

CVE-2019-1859 HIGH

Cisco Small Business Switches - Auth Bypass

Previous Page 39 of 56 Next

Details

Vulnerabilities 1,400

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy