CWE-295
Improper Certificate Validation
Abstraction: Base · Status: Draft
Description
The product does not validate, or incorrectly validates, a certificate.
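The weakness is most often introduced in two ways that recur throughout the table below: verification is switched off outright (the Python equivalent of the `rejectUnauthorized: false` option named in CVE-2025-70029), or the chain is checked but the certificate is never bound to the expected host or key (the "no pinning" situation of CVE-2017-11132). The following is an added example, not code from the CWE entry or from any product listed on this page. It uses only the Python standard library, and `insecure_context`, `hardened_context`, `audit_context`, `spki_from_cert_der`, `pin_matches` and the sample certificate skeleton are names and data constructed here for illustration; the skeleton is not a real certificate, only a structurally valid layout for the DER walker.

```python
import base64
import hashlib
import hmac
import ssl
from typing import Iterable, List, Optional

# ---- Weak client configuration (CWE-295): the Python analogue of
#      `rejectUnauthorized: false`. Any certificate presented by anyone is
#      accepted, so an on-path attacker can terminate the TLS session.
def insecure_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before CERT_NONE is set
    ctx.verify_mode = ssl.CERT_NONE   # chain is never validated
    return ctx

# ---- Hardened configuration: chain validated against an explicit trust store
#      (or the system store when cafile is None), certificate bound to the host
#      name, legacy protocol versions refused.
def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """CWE-295 findings for a client-side context; an empty list means none."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode != CERT_REQUIRED: peer chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate not bound to server name")
    return findings

# ---- SPKI pinning: compare base64(SHA-256(SubjectPublicKeyInfo)) of the peer
#      certificate with a known-good set, so a certificate issued by any other
#      CA, trusted or not, is rejected even though chain validation passes.
def der(tag: int, payload: bytes) -> bytes:
    """Minimal DER TLV encoder (lengths below 65536 are enough here)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + payload

def _read_tlv(buf: bytes, off: int):
    """Return (tag, element_start, element_end, value_start) for the TLV at off."""
    tag = buf[off]
    length = buf[off + 1]
    pos = off + 2
    if length & 0x80:                      # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, off, pos + length, pos

def spki_from_cert_der(cert: bytes) -> bytes:
    """Extract the raw SubjectPublicKeyInfo from a DER certificate (RFC 5280 s4.1)."""
    tag, _, _, off = _read_tlv(cert, 0)          # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, _, _, off = _read_tlv(cert, off)        # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("missing tbsCertificate")
    tag, _, end, _ = _read_tlv(cert, off)
    if tag == 0xA0:                              # optional version [0] EXPLICIT
        off = end
    for _ in range(5):                           # serialNumber, signature, issuer, validity, subject
        _, _, off, _ = _read_tlv(cert, off)
    tag, start, end, _ = _read_tlv(cert, off)    # subjectPublicKeyInfo ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("missing subjectPublicKeyInfo")
    return cert[start:end]

def spki_pin(spki: bytes) -> str:
    """Pin encoding used by HPKP and Android network-security-config."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode("ascii")

def pin_matches(cert: bytes, trusted_pins: Iterable[str]) -> bool:
    """True when the certificate's SPKI pin is in the trusted set (constant-time compare)."""
    actual = spki_pin(spki_from_cert_der(cert))
    return any(hmac.compare_digest(actual, p) for p in trusted_pins)

# Constructed sample (not a real certificate): a content-free v3 skeleton whose
# only purpose is to exercise the field walk above.
SAMPLE_SPKI = der(0x30,
                  der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01")  # rsaEncryption OID
                          + der(0x05, b""))                                      # NULL parameters
                  + der(0x03, b"\x00" + b"\x01" * 64))                           # BIT STRING placeholder
SAMPLE_CERT_DER = der(0x30,
                      der(0x30,
                          der(0xA0, der(0x02, b"\x02"))   # version v3
                          + der(0x02, b"\x01")            # serialNumber 1
                          + der(0x30, b"")                # signature (placeholder)
                          + der(0x30, b"")                # issuer (placeholder)
                          + der(0x30, b"")                # validity (placeholder)
                          + der(0x30, b"")                # subject (placeholder)
                          + SAMPLE_SPKI)
                      + der(0x30, b"") + der(0x03, b"\x00"))   # signatureAlgorithm, signatureValue

if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()))
    print("hardened:", audit_context(hardened_context()))
    print("sample pin:", spki_pin(spki_from_cert_der(SAMPLE_CERT_DER)))
```

In a real client the `pin_matches` check runs on `sock.getpeercert(binary_form=True)` after the handshake completes with `hardened_context`; pinning is an addition to chain and hostname validation, never a replacement for it, and pin sets should include a backup key so that rotation does not lock clients out.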
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-459 · CAPEC-475
CVEs mapped to this weakness (377)
page 4 of 19

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27137 | High | 0.49 | 7.5 | 0.00 | | Mar 6, 2026 | When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered. |
| CVE-2025-65753 | High | 0.49 | 7.5 | 0.00 | | Feb 17, 2026 | An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root. |
| CVE-2025-70029 | High | 0.49 | 7.5 | 0.00 | | Feb 11, 2026 | An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options. |
| CVE-2025-10495 | High | 0.49 | 7.5 | 0.00 | | Nov 12, 2025 | A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code. |
| CVE-2025-40744 | High | 0.49 | 7.5 | 0.00 | | Nov 11, 2025 | A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. |
| CVE-2025-54470 | High | 0.49 | 8.6 | 0.00 | | Oct 30, 2025 | This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when transmitting anonymous cluster data to the telemetry server. As a result, the communication channel is susceptible to man-in-the-middle (MITM) attacks, where an attacker could intercept or modify the transmitted data. Additionally, NeuVector loads the response of the telemetry server into memory without size limitation, which makes it vulnerable to a Denial of Service (DoS) attack. |
| CVE-2025-0501 | High | 0.49 | 7.5 | 0.00 | | Jan 15, 2025 | An issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle. |
| CVE-2025-0500 | High | 0.49 | 7.5 | 0.00 | | Jan 15, 2025 | An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle. |
| CVE-2024-41996 | High | 0.49 | 7.5 | 0.01 | | Aug 26, 2024 | Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key. |
| CVE-2017-3190 | High | 0.49 | 7.5 | 0.00 | | Dec 16, 2017 | Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. |
| CVE-2017-7080 | High | 0.49 | 7.5 | 0.00 | | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate. |
| CVE-2017-1000097 | High | 0.49 | 7.5 | 0.00 | | Oct 5, 2017 | On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. |
| CVE-2017-2299 | High | 0.49 | 7.5 | 0.00 | | Sep 15, 2017 | Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD. |
| CVE-2017-6594 | High | 0.49 | 7.5 | 0.00 | | Aug 28, 2017 | The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. |
| CVE-2015-4017 | High | 0.49 | 7.5 | 0.00 | | Aug 25, 2017 | Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. |
| CVE-2014-3451 | High | 0.49 | 7.5 | 0.01 | | Aug 18, 2017 | OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. |
| CVE-2017-6664 | High | 0.49 | 7.5 | 0.00 | | Aug 7, 2017 | A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked. This vulnerability affected devices that are running Release 16.x of Cisco IOS XE Software and are configured to use Autonomic Networking. This vulnerability does not affect devices that are running an earlier release of Cisco IOS XE Software or devices that are not configured to use Autonomic Networking. More Information: CSCvd22328. Known Affected Releases: 15.5(1)S3.1 Denali-16.2.1. |
| CVE-2017-11132 | High | 0.49 | 7.5 | 0.00 | | Aug 1, 2017 | An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it. |
| CVE-2017-7726 | High | 0.49 | 7.5 | 0.00 | | Jul 11, 2017 | iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. |
| CVE-2017-4981 | High | 0.49 | 7.5 | 0.01 | | Jun 14, 2017 | EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability. |