Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-31 | CVE-2018-15326 | Improper Certificate Validation vulnerability in F5 Big-Ip Access Policy Manager In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List. | 6.0 |
| 2018-10-24 | CVE-2018-18568 | Improper Certificate Validation vulnerability in Polycom Unified Communications Software Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | 4.3 |
| 2018-10-24 | CVE-2018-18567 | Improper Certificate Validation vulnerability in Audiocodes 440Hd Firmware and 450Hd Firmware AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | 4.3 |
| 2018-10-05 | CVE-2018-15387 | Improper Certificate Validation vulnerability in Cisco Sd-Wan A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. | 7.5 |
| 2018-10-05 | CVE-2018-0434 | Improper Certificate Validation vulnerability in Cisco products A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. | 5.8 |
| 2018-10-03 | CVE-2018-12087 | Improper Certificate Validation vulnerability in Opcfoundation Ua-.Net-Legacy and Ua-.Netstandard Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. | 2.1 |
| 2018-10-02 | CVE-2018-1509 | Improper Certificate Validation vulnerability in IBM Security Guardium 10.5 IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | 5.8 |
| 2018-09-26 | CVE-2018-17215 | Improper Certificate Validation vulnerability in Postman An information-disclosure issue was discovered in Postman through 6.3.0. | 8.1 |
| 2018-09-14 | CVE-2018-11087 | Improper Certificate Validation vulnerability in Pivotal Software Rabbitmq and Spring Advanced Message Queuing Protocol Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. | 4.3 |
| 2018-09-13 | CVE-2018-8479 | Improper Certificate Validation vulnerability in Microsoft products A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK. | 6.8 |