Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-10 | CVE-2023-31151 | Improper Certificate Validation vulnerability in Selinc products An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.2 |
| 2023-05-10 | CVE-2023-23901 | Improper Certificate Validation vulnerability in Seiko-Sol products Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. | 6.5 |
| 2023-05-01 | CVE-2022-48186 | Improper Certificate Validation vulnerability in Lenovo Baiying A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. | 6.2 |
| 2023-04-29 | CVE-2023-31484 | Improper Certificate Validation vulnerability in multiple products CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. | 8.1 |
| 2023-04-29 | CVE-2023-31485 | Improper Certificate Validation vulnerability in Gitlab::Api::V4 Project Gitlab::Api::V4 GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. | 5.9 |
| 2023-04-29 | CVE-2023-31486 | Improper Certificate Validation vulnerability in multiple products HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | 8.1 |
| 2023-04-27 | CVE-2022-47758 | Improper Certificate Validation vulnerability in Nanoleaf Firmware 7.1.1 Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. | 9.8 |
| 2023-04-15 | CVE-2021-46880 | Improper Certificate Validation vulnerability in Openbsd x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded. | 9.8 |
| 2023-04-15 | CVE-2023-26463 | Improper Certificate Validation vulnerability in Strongswan 5.9.8/5.9.9 strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. | 9.8 |
| 2023-04-12 | CVE-2023-30516 | Improper Certificate Validation vulnerability in Jenkins Image TAG Parameter Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default. | 6.5 |