Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-1000520 Improper Certificate Validation vulnerability in ARM Mbed TLS
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be..
network
low complexity
arm CWE-295
5.0
2018-06-26 CVE-2018-1000500 Improper Certificate Validation vulnerability in Busybox
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution.
network
busybox CWE-295
6.8
2018-06-26 CVE-2018-0611 Improper Certificate Validation vulnerability in ANA
The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
ana CWE-295
5.8
2018-06-18 CVE-2018-1153 Improper Certificate Validation vulnerability in Portswigger Burp Suite 1.7.32/1.7.33
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic.
5.8
2018-06-17 CVE-2018-10377 Improper Certificate Validation vulnerability in Portswigger Burp Suite
PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data.
4.3
2018-06-13 CVE-2018-10408 Improper Certificate Validation vulnerability in Virustotal
An issue was discovered in VirusTotal.
6.8
2018-06-13 CVE-2018-10406 Improper Certificate Validation vulnerability in Yelp Osxcollector 1.8
An issue was discovered in Yelp OSXCollector.
network
yelp CWE-295
6.8
2018-06-13 CVE-2018-10405 Improper Certificate Validation vulnerability in Google Santa
An issue was discovered in Google Santa and molcodesignchecker.
network
google CWE-295
6.8
2018-06-13 CVE-2018-10404 Improper Certificate Validation vulnerability in Objective-See products
An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo.
6.8
2018-06-13 CVE-2018-10403 Improper Certificate Validation vulnerability in F-Secure Xfence
An issue was discovered in F-Secure XFENCE and Little Flocker.
network
f-secure CWE-295
6.8