Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-11 | CVE-2024-28872 | Improper Certificate Validation vulnerability in ISC Stork The TLS certificate validation code is flawed. | 8.1 |
| 2024-07-09 | CVE-2024-39698 | Improper Certificate Validation vulnerability in Electron Electron-Builder electron-updater allows for automatic updates for Electron apps. | 7.5 |
| 2024-02-15 | CVE-2023-47537 | Improper Certificate Validation vulnerability in Fortinet Fortios An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 - 7.4.1 and 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. | 4.8 |
| 2024-02-07 | CVE-2023-32330 | Improper Certificate Validation vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. | 9.8 |
| 2024-02-07 | CVE-2023-43017 | Improper Certificate Validation vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. | 7.2 |
| 2024-02-07 | CVE-2023-47700 | Improper Certificate Validation vulnerability in IBM Storage Virtualize 8.6 IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. | 7.5 |
| 2024-02-06 | CVE-2024-25140 | Improper Certificate Validation vulnerability in Rustdesk 1.2.3 A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. | 9.8 |
| 2024-02-05 | CVE-2024-1052 | Improper Certificate Validation vulnerability in Hashicorp Boundary Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. | 8.0 |
| 2024-02-03 | CVE-2024-0853 | Improper Certificate Validation vulnerability in Haxx Curl 8.5.0 curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. | 5.3 |
| 2024-02-02 | CVE-2020-29504 | Improper Certificate Validation vulnerability in Dell products Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. | 9.8 |