Vulnerabilities > Improper Certificate Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-25 | CVE-2024-38324 | Improper Certificate Validation vulnerability in IBM Storage Defender 2.0.0/2.0.4: IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system. | 6.5 |
2024-09-23 | CVE-2024-43201 | Improper Certificate Validation vulnerability in Planetfitness Planet Fitness Workouts: The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. | 5.9 |
2024-09-18 | CVE-2024-8287 | Improper Certificate Validation vulnerability in Canonical Anbox Cloud: Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. | 7.5 |
2024-09-10 | CVE-2022-45856 | Improper Certificate Validation vulnerability in Fortinet Forticlient: An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider. | 5.9 |
2024-09-10 | CVE-2024-31489 | Improper Certificate Validation vulnerability in Fortinet Forticlient: An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation. | 8.1 |
2024-09-06 | CVE-2024-38642 | Improper Certificate Validation vulnerability in Qnap Qumagie 2.3.0: An improper certificate validation vulnerability has been reported to affect QuMagie. | 7.8 |
2024-09-05 | CVE-2024-45159 | Improper Certificate Validation vulnerability in ARM Mbed TLS: An issue was discovered in Mbed TLS 3.x before 3.6.1. | 9.8 |
2024-08-30 | CVE-2024-8285 | Improper Certificate Validation vulnerability in Redhat Kroxylicious: A flaw was found in Kroxylicious. | 5.9 |
2024-08-28 | CVE-2024-39771 | Improper Certificate Validation vulnerability in Safie Qbic Cloud Cc-2/2L Firmware and Safie ONE Firmware: QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack. | 6.8 |
2024-08-21 | CVE-2024-8007 | Improper Certificate Validation vulnerability in Redhat Openstack Platform 16.1/16.2/17.1: A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. | 8.1 |