Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2022-11-27 CVE-2022-43705 Improper Certificate Validation vulnerability in Botan Project Botan
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error.
network
low complexity
botan-project CWE-295
critical
9.1
2022-11-25 CVE-2022-39334 Improper Certificate Validation vulnerability in Nextcloud Desktop
Nextcloud desktop is the desktop sync client for Nextcloud.
local
high complexity
nextcloud CWE-295
4.7
2022-11-15 CVE-2022-38666 Improper Certificate Validation vulnerability in Jenkins Ns-Nd Integration Performance Publisher
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.
network
low complexity
jenkins CWE-295
7.5
2022-11-15 CVE-2022-45391 Improper Certificate Validation vulnerability in Jenkins Ns-Nd Integration Performance Publisher
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
network
low complexity
jenkins CWE-295
7.5
2022-11-15 CVE-2022-42131 Improper Certificate Validation vulnerability in Liferay Digital Experience Platform and Liferay Portal
Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers.
network
high complexity
liferay CWE-295
4.8
2022-11-04 CVE-2022-20960 Improper Certificate Validation vulnerability in Cisco Email Security Appliance
A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-295
7.5
2022-11-04 CVE-2022-33684 Improper Certificate Validation vulnerability in Apache Pulsar
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration.
network
high complexity
apache CWE-295
8.1
2022-11-01 CVE-2022-42813 Improper Certificate Validation vulnerability in Apple products
A certificate validation issue existed in the handling of WKWebView.
network
low complexity
apple CWE-295
critical
9.8
2022-10-12 CVE-2022-41316 Improper Certificate Validation vulnerability in Hashicorp Vault
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved.
network
low complexity
hashicorp CWE-295
5.3
2022-10-11 CVE-2022-40147 Improper Certificate Validation vulnerability in Siemens Industrial Edge Management
A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1).
network
high complexity
siemens CWE-295
7.4