Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-12 | CVE-2023-30517 | Improper Certificate Validation vulnerability in Jenkins Neuvector vulnerability Scanner Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server. | 5.3 |
| 2023-04-12 | CVE-2022-48437 | Improper Certificate Validation vulnerability in Openbsd An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. | 5.3 |
| 2023-04-11 | CVE-2023-22642 | Improper Certificate Validation vulnerability in Fortinet Fortianalyzer and Fortimanager An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources. | 8.1 |
| 2023-04-11 | CVE-2023-23588 | Improper Certificate Validation vulnerability in multiple products A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). | 6.3 |
| 2023-04-10 | CVE-2023-28093 | Improper Certificate Validation vulnerability in Pega Synchronization Engine A user with a compromised configuration can start an unsigned binary as a service. | 6.5 |
| 2023-04-10 | CVE-2023-25392 | Improper Certificate Validation vulnerability in Allegro Bigflow Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation. | 5.9 |
| 2023-03-28 | CVE-2023-0465 | Improper Certificate Validation vulnerability in Openssl Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. | 5.3 |
| 2023-03-28 | CVE-2023-0466 | Improper Certificate Validation vulnerability in Openssl The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. | 5.3 |
| 2023-03-24 | CVE-2022-45597 | Improper Certificate Validation vulnerability in Componentspace Saml 4.4.0 ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. | 9.8 |
| 2023-03-24 | CVE-2023-20963 | Improper Certificate Validation vulnerability in Google Android In WorkSource, there is a possible parcel mismatch. | 7.8 |