Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-295

CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,401 vulnerabilities with CWE-295

CVE-2017-2784 HIGH

ARM mbed TLS < 1.3.19, 2.x < 2.1.7, 2.4.x < 2.4.2 - Remote Code Execution via X.509 Certificate Parsing

CVE-2017-5653 MEDIUM

Apache CXF 3.0.0-3.0.12 and 3.1.0-3.1.10 - Improper Certificate Validation in JAX-RS XML Security Streaming Clients

CVE-2017-2387 MEDIUM

Apple Music before 2.0 for Android - Improper Certificate Validation

CVE-2017-7192 HIGH

Starscream < 2.0.3 - SSL Pinning Bypass via certValidated Variable Mismanagement

CVE-2017-5887 HIGH

Starscream < 2.0.3 - SSL Pinning Bypass via Late Certificate Validation

CVE-2017-7322 HIGH

MODX Revolution <2.5.4-pl - Code Injection

CVE-2017-0129 HIGH

Microsoft Lync for Mac 2011 - Improper Certificate Validation

CVE-2016-20011 HIGH

libgrss < 0.7.0 - Improper Certificate Validation via SoupSessionSync

CVE-2016-11086 HIGH

oauth-ruby < 0.5.4 - Improper Certificate Validation

CVE-2016-11076 MEDIUM

Mattermost Server < 3.0.0 - Improper Certificate Validation

CVE-2016-10937 HIGH

imapfilter < 2.6.12 - Improper Certificate Validation

CVE-2016-10931 HIGH

rust-openssl < 0.9.0 - Improper Certificate Validation

CVE-2016-7075 HIGH

Kubernetes - Improper Certificate Validation

CVE-2016-1000030 CRITICAL

Pidgin <2.11.0 - Remote Code Execution

CVE-2016-2922 LOW

IBM Rational ClearQuest 8.0.0.0-8.0.0.21 - Improper Certificate Validation

CVE-2016-6562 HIGH

ShoreTel Mobility Client <9.1.3.109 - Info Disclosure

CVE-2016-9064 MEDIUM

Firefox ESR < 45.5 & Firefox < 50 - Man-in-the-middle attack

CVE-2016-10536 MEDIUM

engine.io-client < 1.6.8 - Improper Certificate Validation via rejectUnauthorized Setting

CVE-2016-10534 MEDIUM

electron-packager 5.2.1-6.0.0 6.0.0-6.0.2 - Improper Certificate Validation via --strict-ssl Option

CVE-2016-9952 HIGH

curl 7.30.0-7.51.0 - Improper Certificate Validation via Wildcard SAN in schannel TLS Backend

CVE-2016-1252 MEDIUM

Debian jessie <1.0.9.8.4, Debian unstable <1.4~beta2, Ubuntu 14.04 ...

CVE-2016-10511 MEDIUM

Twitter iOS 6.62-6.62.1 - Improper Certificate Validation in Configuration Endpoint

CVE-2016-7816 MEDIUM

Cybozu kintone mobile for Android <= 1.0.6 - Improper Certificate Validation

CVE-2016-7805 MEDIUM

mobiGate App for Android <= 2.2.1.2 and iOS <= 2.2.4.1 - Improper Certificate Validation

CVE-2016-5648 MEDIUM

Acer Portal <3.9.4.2000 - Info Disclosure

Previous Page 51 of 57 Next

Details

Vulnerabilities 1,401

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy