Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2023-08-11 CVE-2023-40256 Improper Certificate Validation vulnerability in Veritas NetBackup Snapshot Manager
A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service.
network
low complexity
veritas CWE-295
critical
9.8
2023-08-04 CVE-2023-38686 Improper Certificate Validation vulnerability in Matrix Sydent
Sydent is an identity server for the Matrix communications protocol.
high complexity
matrix CWE-295
5.3
2023-07-18 CVE-2023-34143 Improper Certificate Validation vulnerability in Hitachi Device Manager
Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows a Man in the Middle attack. This issue affects Hitachi Device Manager before 8.8.5-02.
network
high complexity
hitachi CWE-295
8.1
2023-07-17 CVE-2023-3724 Improper Certificate Validation vulnerability in Wolfssl
If a TLS 1.3 client gets neither a PSK (pre-shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret.
network
low complexity
wolfssl CWE-295
8.8
2023-07-17 CVE-2023-3615 Improper Certificate Validation vulnerability in Mattermost
The Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection, allowing a network attacker to intercept the WebSockets connection.
network
high complexity
mattermost CWE-295
8.1
2023-07-14 CVE-2023-38325 Improper Certificate Validation vulnerability in Cryptography.Io Cryptography
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
network
low complexity
cryptography-io CWE-295
7.5
2023-07-11 CVE-2023-31190 Improper Certificate Validation vulnerability in Bluemark Dronescout Ds230 Firmware
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded. An attacker with the ability to put himself in a Man-in-the-Middle situation (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint, etc.) can trick the DroneScout ds230 to install a crafted malicious firmware update containing arbitrary files (e.g., executable and configuration) and gain administrative (root) privileges on the underlying Linux operating system. This issue affects DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.
network
high complexity
bluemark CWE-295
8.1
2023-07-06 CVE-2023-23546 Improper Certificate Validation vulnerability in Milesight Ur32L Firmware 32.3.0.5
A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5.
network
high complexity
milesight CWE-295
8.1
2023-07-05 CVE-2023-33201 Improper Certificate Validation vulnerability in Bouncycastle Bc-Java 1.73
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability.
network
low complexity
bouncycastle CWE-295
5.3
2023-06-23 CVE-2023-32464 Improper Certificate Validation vulnerability in Dell products
Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability.
network
high complexity
dell CWE-295
3.3