Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-24 | CVE-2018-18568 | Improper Certificate Validation vulnerability in Polycom Unified Communications Software Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | 5.9 |
| 2018-10-24 | CVE-2018-18567 | Improper Certificate Validation vulnerability in Audiocodes 440Hd Firmware and 450Hd Firmware AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | 5.9 |
| 2018-10-05 | CVE-2018-15387 | Improper Certificate Validation vulnerability in Cisco Sd-Wan A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. | 9.8 |
| 2018-10-05 | CVE-2018-0434 | Improper Certificate Validation vulnerability in Cisco products A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. | 7.4 |
| 2018-10-03 | CVE-2018-12087 | Improper Certificate Validation vulnerability in Opcfoundation Ua-.Net-Legacy and Ua-.Netstandard Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. | 5.3 |
| 2018-10-02 | CVE-2018-1509 | Improper Certificate Validation vulnerability in IBM Security Guardium 10.5 IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | 7.4 |
| 2018-09-26 | CVE-2018-17215 | Improper Certificate Validation vulnerability in Postman An information-disclosure issue was discovered in Postman through 6.3.0. | 8.1 |
| 2018-09-14 | CVE-2018-11087 | Improper Certificate Validation vulnerability in Pivotal Software Spring Advanced Message Queuing Protocol Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. | 5.9 |
| 2018-09-13 | CVE-2018-8479 | Improper Certificate Validation vulnerability in Microsoft products A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK. | 5.6 |
| 2018-09-11 | CVE-2018-15898 | Improper Certificate Validation vulnerability in Subsonic Music Streamer 4.4 The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data. | 5.9 |