Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2022-08-16 CVE-2022-37437 Improper Certificate Validation vulnerability in Splunk 9.0.0
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination.
network
low complexity
splunk CWE-295
critical
9.8
2022-08-16 CVE-2022-34156 Improper Certificate Validation vulnerability in Hjholdings Hulu
'Hulu / フールー' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.
network
high complexity
hjholdings CWE-295
4.8
2022-07-28 CVE-2022-1805 Improper Certificate Validation vulnerability in Teradici Tera2 Pcoip Zero Client Firmware
When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients.
network
high complexity
teradici CWE-295
8.1
2022-07-27 CVE-2022-36881 Improper Certificate Validation vulnerability in Jenkins GIT Client
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
network
high complexity
jenkins CWE-295
8.1
2022-07-25 CVE-2022-26305 Improper Certificate Validation vulnerability in Libreoffice 7.2.0/7.3.0/7.3.1
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate.
network
high complexity
libreoffice CWE-295
7.5
2022-07-21 CVE-2022-20860 Improper Certificate Validation vulnerability in Cisco Nexus Dashboard
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information.
network
high complexity
cisco CWE-295
7.4
2022-07-20 CVE-2021-29755 Improper Certificate Validation vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3, 7.4, and 7.5 does not perform proper certificate validation for some inter-host communications.
network
low complexity
ibm CWE-295
7.5
2022-07-18 CVE-2021-22131 Improper Certificate Validation vulnerability in Fortinet Fortitoken Mobile
An improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows an attacker to retrieve information disclosed via man-in-the-middle attacks.
high complexity
fortinet CWE-295
5.4
2022-07-18 CVE-2020-16093 Improper Certificate Validation vulnerability in multiple products
In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
network
low complexity
lemonldap-ng debian CWE-295
7.5
2022-07-14 CVE-2022-32210 Improper Certificate Validation vulnerability in Nodejs Undici
`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy.
network
high complexity
nodejs CWE-295
6.5