Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2022-06-15 CVE-2022-32151 Improper Certificate Validation vulnerability in Splunk
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203.
network
low complexity
splunk CWE-295
6.4
2022-06-15 CVE-2022-32152 Improper Certificate Validation vulnerability in Splunk
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default.
network
low complexity
splunk CWE-295
6.5
2022-06-15 CVE-2022-32153 Improper Certificate Validation vulnerability in Splunk
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default.
network
splunk CWE-295
6.8
2022-06-15 CVE-2022-32156 Improper Certificate Validation vulnerability in Splunk
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default.
network
splunk CWE-295
6.8
2022-06-14 CVE-2022-29482 Improper Certificate Validation vulnerability in Dena Mobaoku-Auction & Flea Market
'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.
network
dena CWE-295
4.3
2022-06-10 CVE-2022-32563 Improper Certificate Validation vulnerability in Couchbase Sync Gateway 3.0.0
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2.
network
couchbase CWE-295
6.8
2022-06-03 CVE-2022-26493 Improper Certificate Validation vulnerability in Drupal Saml SP 2.0 Single Sign on
Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user.
network
low complexity
drupal CWE-295
6.5
2022-06-02 CVE-2022-26491 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Pidgin before 2.14.9.
4.3
2022-06-02 CVE-2022-27782 Improper Certificate Validation vulnerability in Haxx Curl
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup.
network
low complexity
haxx CWE-295
5.0
2022-06-01 CVE-2020-26184 Improper Certificate Validation vulnerability in Dell Bsafe Micro-Edition-Suite
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.
network
low complexity
dell CWE-295
5.0