Vulnerabilities > Improper Certificate Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-30 | CVE-2019-10314 | Improper Certificate Validation vulnerability in Jenkins Koji. Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 5.9 |
2019-04-18 | CVE-2019-11324 | Improper Certificate Validation vulnerability in multiple products. The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. | 7.5 |
2019-04-18 | CVE-2018-20200 | Improper Certificate Validation vulnerability in Squareup Okhttp. CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. | 5.9 |
2019-04-08 | CVE-2019-10914 | Improper Certificate Validation vulnerability in Matrixssl. pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c. | 9.8 |
2019-04-03 | CVE-2018-4436 | Improper Certificate Validation vulnerability in Apple Iphone OS and Watchos. A certificate validation issue existed in configuration profiles. | 7.5 |
2019-03-28 | CVE-2019-1757 | Improper Certificate Validation vulnerability in Cisco IOS and IOS XE. A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. | 5.9 |
2019-03-28 | CVE-2019-1748 | Improper Certificate Validation vulnerability in Cisco IOS and IOS XE. A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. | 7.4 |
2019-03-27 | CVE-2018-5926 | Improper Certificate Validation vulnerability in HP Remote Graphics Software 7.5.0. A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier. | 9.1 |
2019-03-27 | CVE-2019-3814 | Improper Certificate Validation vulnerability in multiple products. It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. | 6.8 |
2019-03-25 | CVE-2019-3841 | Improper Certificate Validation vulnerability in Kubevirt Containerized Data Importer. Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. | 6.8 |