Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2024-08-28 CVE-2024-39771 Improper Certificate Validation vulnerability in Safie Qbic Cloud Cc-2/2L Firmware and Safie ONE Firmware
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack.
high complexity
safie CWE-295
6.8
2024-08-21 CVE-2024-8007 Improper Certificate Validation vulnerability in Redhat Openstack Platform 16.1/16.2/17.1
A flaw was found in the Red Hat OpenStack Platform (RHOSP) director.
network
high complexity
redhat CWE-295
8.1
2024-08-13 CVE-2024-7570 Improper Certificate Validation vulnerability in Ivanti Neurons for Itsm 2023.2/2023.3/2023.4
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
network
high complexity
ivanti CWE-295
8.1
2024-08-01 CVE-2024-32865 Improper Certificate Validation vulnerability in Johnsoncontrols Exacqvision Server 21.06.11.0/9.6/9.8
Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices.
low complexity
johnsoncontrols CWE-295
7.3
2024-08-01 CVE-2024-41264 Improper Certificate Validation vulnerability in Casbin Casdoor 1.636.0
An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method.
network
low complexity
casbin CWE-295
7.5
2024-07-31 CVE-2024-40464 Improper Certificate Validation vulnerability in Beego
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file
network
low complexity
beego CWE-295
8.8
2024-07-31 CVE-2024-41256 Improper Certificate Validation vulnerability in Filestash
Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack.
network
high complexity
filestash CWE-295
5.9
2024-07-11 CVE-2024-28872 Improper Certificate Validation vulnerability in ISC Stork
The TLS certificate validation code is flawed.
network
high complexity
isc CWE-295
8.1
2024-07-09 CVE-2024-37865 Improper Certificate Validation vulnerability in S3Browser S3 Browser
An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component.
network
high complexity
s3browser CWE-295
5.9
2024-07-09 CVE-2024-39698 Improper Certificate Validation vulnerability in Electron Electron-Builder
electron-updater allows for automatic updates for Electron apps.
network
high complexity
electron CWE-295
7.5