Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-01 | CVE-2018-1999034 | Improper Certificate Validation vulnerability in Jenkins Inedo Proget A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to. | 7.4 |
| 2018-08-01 | CVE-2018-1999025 | Improper Certificate Validation vulnerability in Jenkins Tracetronic Ecu-Test A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to. | 7.4 |
| 2018-07-31 | CVE-2018-8020 | Improper Certificate Validation vulnerability in multiple products Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. | 7.4 |
| 2018-07-31 | CVE-2018-8019 | Improper Certificate Validation vulnerability in multiple products When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. | 7.4 |
| 2018-07-27 | CVE-2017-2649 | Improper Certificate Validation vulnerability in Jenkins Active Directory It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks. | 8.1 |
| 2018-07-27 | CVE-2017-2648 | Improper Certificate Validation vulnerability in Jenkins SSH Slaves It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks. | 5.6 |
| 2018-07-27 | CVE-2017-2629 | Improper Certificate Validation vulnerability in Haxx Curl curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. | 6.5 |
| 2018-07-27 | CVE-2017-2623 | Improper Certificate Validation vulnerability in multiple products It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. | 5.3 |
| 2018-07-26 | CVE-2018-0622 | Improper Certificate Validation vulnerability in DHC Online Shop The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 7.4 |
| 2018-07-24 | CVE-2017-3182 | Improper Certificate Validation vulnerability in Threatmetrix SDK On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. | 6.8 |