Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-23 | CVE-2022-33682 | Improper Certificate Validation vulnerability in Apache Pulsar TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle attacks, which could leak credentials, configuration data, message data, and any other data sent by these clients. | 5.9 |
| 2022-09-23 | CVE-2022-33683 | Improper Certificate Validation vulnerability in Apache Pulsar Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. | 5.9 |
| 2022-09-21 | CVE-2022-41243 | Improper Certificate Validation vulnerability in Jenkins Smalltest Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. | 8.1 |
| 2022-09-21 | CVE-2022-41244 | Improper Certificate Validation vulnerability in Jenkins View26 Test-Reporting Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. | 8.1 |
| 2022-09-19 | CVE-2022-29908 | Improper Certificate Validation vulnerability in Fabasoft Cloud Enterprise Client 22.4.0043 The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation. | 7.8 |
| 2022-09-14 | CVE-2022-34831 | Improper Certificate Validation vulnerability in Primekey Ejbca An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. | 9.8 |
| 2022-09-12 | CVE-2022-36173 | Improper Certificate Validation vulnerability in Freshworks Freshservice Agent and Freshservice Probe FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service. | 8.1 |
| 2022-08-25 | CVE-2021-43766 | Improper Certificate Validation vulnerability in Odyssey Project Odyssey 1.1 Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | 8.1 |
| 2022-08-25 | CVE-2021-43767 | Improper Certificate Validation vulnerability in Postgresql Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. | 5.9 |
| 2022-08-23 | CVE-2020-35509 | Improper Certificate Validation vulnerability in Redhat Keycloak 11.0.3/12.0.0 A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. | 5.4 |