Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-12 | CVE-2017-14612 | Improper Certificate Validation vulnerability in Shpock "Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
| 2018-07-11 | CVE-2018-8356 | Improper Certificate Validation vulnerability in Microsoft products A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | 5.5 |
| 2018-07-10 | CVE-2018-12461 | Improper Certificate Validation vulnerability in Netiq Edirectory 9.1.1 Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. | 7.5 |
| 2018-07-02 | CVE-2018-12499 | Improper Certificate Validation vulnerability in Motorola Mbp853 Firmware The Motorola MBP853 firmware does not correctly validate server certificates. | 7.4 |
| 2018-06-27 | CVE-2018-1543 | Improper Certificate Validation vulnerability in IBM Websphere MQ 8.0/9.0 IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. | 5.9 |
| 2018-06-26 | CVE-2018-1000605 | Improper Certificate Validation vulnerability in Jenkins Collabnet A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to. | 7.4 |
| 2018-06-26 | CVE-2018-1000520 | Improper Certificate Validation vulnerability in ARM Mbed TLS ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. | 7.5 |
| 2018-06-26 | CVE-2018-1000500 | Improper Certificate Validation vulnerability in Busybox Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. | 8.1 |
| 2018-06-26 | CVE-2018-0611 | Improper Certificate Validation vulnerability in ANA The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 7.4 |
| 2018-06-18 | CVE-2018-1153 | Improper Certificate Validation vulnerability in Portswigger Burp Suite 1.7.32/1.7.33 Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic. | 7.4 |