Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2019-02-25 CVE-2019-1683 Improper Certificate Validation vulnerability in Cisco products
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Layer Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation.
network
high complexity
cisco CWE-295
7.4
2019-02-22 CVE-2019-7728 Improper Certificate Validation vulnerability in Bosch Smart Camera
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android.
network
high complexity
bosch CWE-295
5.1
2019-02-21 CVE-2019-1659 Improper Certificate Validation vulnerability in Cisco Prime Infrastructure
A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI.
network
cisco CWE-295
5.8
2019-02-13 CVE-2019-8337 Improper Certificate Validation vulnerability in Marlam Mpop and Msmtp
In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
network
low complexity
marlam CWE-295
5.0
2019-02-06 CVE-2019-1003009 Improper Certificate Validation vulnerability in Jenkins Active Directory
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.
network
high complexity
jenkins CWE-295
7.4
2019-02-05 CVE-2017-1200 Improper Certificate Validation vulnerability in IBM Bigfix Compliance 1.7/1.8/1.9.91
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
network
ibm CWE-295
4.3
2019-01-29 CVE-2019-3807 Improper Certificate Validation vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
network
low complexity
powerdns CWE-295
6.4
2019-01-23 CVE-2018-20245 Improper Certificate Validation vulnerability in Apache Airflow
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.
network
low complexity
apache CWE-295
7.5
2019-01-18 CVE-2018-15784 Improper Certificate Validation vulnerability in Dell Networking Os10 10.4.2.1
Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake.
network
dell CWE-295
5.8
2019-01-09 CVE-2018-16187 Improper Certificate Validation vulnerability in Ricoh products
The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) do not verify their server certificates, which allows man-in-the-middle attackers to eavesdrop on encrypted communication.
network
ricoh CWE-295
4.3