Vulnerabilities > Improper Certificate Validation

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2019-10-29 | CVE-2010-4237 | Improper Certificate Validation vulnerability in Mercurial | Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates, which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack. | network, mercurial, CWE-295 | 4.3 |
| 2019-10-28 | CVE-2019-5538 | Improper Certificate Validation vulnerability in VMware vCenter Server 6.5/6.7 | Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. | network, vmware, CWE-295 | 4.3 |
| 2019-10-28 | CVE-2019-5537 | Improper Certificate Validation vulnerability in VMware vCenter Server 6.5/6.7 | Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. | network, vmware, CWE-295 | 4.3 |
| 2019-10-22 | CVE-2019-11674 | Improper Certificate Validation vulnerability in Micro Focus NetIQ Self Service Password Reset | Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. | network, high complexity, microfocus, CWE-295 | 5.9 |
| 2019-10-16 | CVE-2019-10446 | Improper Certificate Validation vulnerability in Jenkins Cadence vManager | Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | network, low complexity, jenkins, CWE-295 | 8.2 |
| 2019-10-16 | CVE-2019-10444 | Improper Certificate Validation vulnerability in Jenkins Bumblebee HP ALM | Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. | network, low complexity, jenkins, CWE-295 | 6.5 |
| 2019-10-09 | CVE-2019-0054 | Improper Certificate Validation vulnerability in Juniper Junos 15.1X49 | An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. | network, juniper, CWE-295 | 5.8 |
| 2019-10-09 | CVE-2019-5506 | Improper Certificate Validation vulnerability in NetApp Clustered Data ONTAP | Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances, making them susceptible to impersonation via man-in-the-middle attacks. | network, netapp, CWE-295 | 4.3 |
| 2019-10-07 | CVE-2019-16263 | Improper Certificate Validation vulnerability in Twitter Kit | The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. | network, twitter, CWE-295 | 5.8 |
| 2019-10-01 | CVE-2019-15042 | Improper Certificate Validation vulnerability in JetBrains TeamCity 2018.2.4 | An issue was discovered in JetBrains TeamCity 2018.2.4. | network, low complexity, jetbrains, CWE-295 | 5.0 |