Vulnerabilities > Improper Certificate Validation

DATE | CVE | VULNERABILITY TITLE | RISK

2018-07-27 | CVE-2017-2649 | Improper Certificate Validation vulnerability in Jenkins Active Directory
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
network | high complexity | jenkins CWE-295 | 8.1

2018-07-27 | CVE-2017-2648 | Improper Certificate Validation vulnerability in Jenkins SSH Slaves
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.
network | high complexity | jenkins CWE-295 | 5.6

2018-07-27 | CVE-2017-2629 | Improper Certificate Validation vulnerability in Haxx Curl
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure.
network | low complexity | haxx CWE-295 | 6.5

2018-07-27 | CVE-2017-2623 | Improper Certificate Validation vulnerability in multiple products
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering.
network | high complexity | rpm-ostree redhat CWE-295 | 5.3

2018-07-26 | CVE-2018-0622 | Improper Certificate Validation vulnerability in DHC Online Shop
The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network | high complexity | dhc CWE-295 | 7.4

2018-07-24 | CVE-2017-3182 | Improper Certificate Validation vulnerability in Threatmetrix SDK
On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack.
high complexity | threatmetrix CWE-295 | 6.8

2018-07-16 | CVE-2017-7468 | Improper Certificate Validation vulnerability in Haxx Libcurl
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed.
network | low complexity | haxx CWE-295 | 7.5

2018-07-13 | CVE-2016-6562 | Improper Certificate Validation vulnerability in Mitel Shortel Mobility Client 9.1.3.109
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.
high complexity | mitel CWE-295 | 7.5

2018-07-12 | CVE-2017-14710 | Improper Certificate Validation vulnerability in Shein Shein-Fashion Shopping Online
The Shein Group Ltd.
network | high complexity | shein CWE-295 | 5.9

2018-07-12 | CVE-2017-14709 | Improper Certificate Validation vulnerability in Komoot
The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network | high complexity | komoot CWE-295 | 7.4