Vulnerabilities > Improper Certificate Validation

DATE | CVE | VULNERABILITY TITLE | RISK

2017-10-23 | CVE-2017-7080 | Improper Certificate Validation vulnerability in Apple products | 7.5
An issue was discovered in certain Apple products.
network | low complexity | apple | CWE-295

2017-10-20 | CVE-2017-6144 | Improper Certificate Validation vulnerability in F5 Big-Ip Policy Enforcement Manager 12.1.0/12.1.1/12.1.2 | 7.4
In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified.
network | high complexity | f5 | CWE-295

2017-10-18 | CVE-2014-7242 | Improper Certificate Validation vulnerability in Ms-Ins Sumaho and Sumaho Driving Capability Diagnosis | 5.9
The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates.
network | high complexity | ms-ins | CWE-295

2017-10-18 | CVE-2014-3706 | Improper Certificate Validation vulnerability in Redhat Enterprise MRG 3.0 | 5.9
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
network | high complexity | redhat | CWE-295

2017-10-13 | CVE-2017-10620 | Improper Certificate Validation vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49 | 7.4
Juniper Networks Junos OS on SRX series devices does not verify the HTTPS server certificate before downloading anti-virus updates.
network | high complexity | juniper | CWE-295

2017-10-12 | CVE-2015-6358 | Improper Certificate Validation vulnerability in Cisco products | 5.9
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
network | high complexity | cisco | CWE-295

2017-10-10 | CVE-2015-7778 | Improper Certificate Validation vulnerability in Gurunavi Gournavi 5.4.4 | 5.9
Gurunavi App for iOS before 6.0.0 does not verify SSL certificates, which could allow remote attackers to perform man-in-the-middle attacks.
network | high complexity | gurunavi | CWE-295

2017-10-10 | CVE-2015-5639 | Improper Certificate Validation vulnerability in Dwango Niconico 6.37 | 7.4
niconico App for iOS before 6.38 does not verify SSL certificates, which could allow remote attackers to execute man-in-the-middle attacks.
network | high complexity | dwango | CWE-295

2017-10-10 | CVE-2015-2988 | Improper Certificate Validation vulnerability in Rakutencard Rakuten Card | 7.4
Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates, which might allow remote attackers to execute man-in-the-middle attacks.
network | high complexity | rakutencard | CWE-295

2017-10-05 | CVE-2017-1000097 | Improper Certificate Validation vulnerability in Golang GO | 7.5
On Darwin, the user's trust preferences for root certificates were not honored.
network | low complexity | golang | CWE-295