Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-03 | CVE-2017-13863 | Improper Certificate Validation vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.3 |
| 2018-04-02 | CVE-2018-9127 | Improper Certificate Validation vulnerability in Botan Project Botan 2.2.0/2.3.0/2.4.0 Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. | 7.5 |
| 2018-03-27 | CVE-2015-4954 | Improper Certificate Validation vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. | 4.3 |
| 2018-03-26 | CVE-2018-5466 | Improper Certificate Validation vulnerability in Philips Intellispace Portal 8.0/9.0 Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | 5.0 |
| 2018-03-26 | CVE-2018-5464 | Improper Certificate Validation vulnerability in Philips Intellispace Portal 8.0/9.0 Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | 5.0 |
| 2018-03-26 | CVE-2018-5462 | Improper Certificate Validation vulnerability in Philips Intellispace Portal 8.0/9.0 Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | 5.0 |
| 2018-03-24 | CVE-2018-8970 | Improper Certificate Validation vulnerability in Openbsd Libressl 2.7.0 The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
| 2018-03-22 | CVE-2018-5502 | Improper Certificate Validation vulnerability in F5 products On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. | 5.0 |
| 2018-03-15 | CVE-2018-6221 | Improper Certificate Validation vulnerability in Trendmicro Email Encryption Gateway 5.5 An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own. | 9.3 |
| 2018-03-15 | CVE-2018-6219 | Improper Certificate Validation vulnerability in Trendmicro Email Encryption Gateway 5.5 An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data. | 6.4 |