Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-15 | CVE-2017-15341 | Improper Certificate Validation vulnerability in Huawei products Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. | 7.5 |
| 2018-02-15 | CVE-2017-12721 | Improper Certificate Validation vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 5.9 |
| 2018-02-12 | CVE-2017-9968 | Improper Certificate Validation vulnerability in Schneider-Electric Igss Mobile 3.01 A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack. | 5.9 |
| 2018-02-09 | CVE-2018-6827 | Improper Certificate Validation vulnerability in Omninova Vobot Firmware VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded --no-check-certificate Wget option. | 8.1 |
| 2018-01-31 | CVE-2018-6374 | Improper Certificate Validation vulnerability in Pulsesecure Desktop Linux Client 5.2R9.2 The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. | 6.5 |
| 2018-01-31 | CVE-2017-15698 | Improper Certificate Validation vulnerability in multiple products When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. | 5.9 |
| 2018-01-26 | CVE-2017-1000396 | Improper Certificate Validation vulnerability in Jenkins Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. | 5.9 |
| 2018-01-22 | CVE-2017-1000417 | Improper Certificate Validation vulnerability in Matrixssl 3.7.2 MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. | 5.3 |
| 2018-01-22 | CVE-2018-5761 | Improper Certificate Validation vulnerability in Rubrik CDM 3.0.0/4.0.0/4.0.4 A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. | 8.1 |
| 2018-01-19 | CVE-2017-6142 | Improper Certificate Validation vulnerability in F5 Big-Ip Advanced Firewall Manager X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. | 4.8 |