Vulnerabilities > Improper Certificate Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-01 | CVE-2022-1632 | Improper Certificate Validation vulnerability in multiple products. An Improper Certificate Validation attack was found in OpenShift. | 6.5 |
2022-09-01 | CVE-2022-2996 | Improper Certificate Validation vulnerability in multiple products. A flaw was found in python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. | 7.4 |
2022-08-25 | CVE-2021-43766 | Improper Certificate Validation vulnerability in Odyssey Project Odyssey 1.1. Odyssey passes to server unencrypted bytes from man-in-the-middle. When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | 8.1 |
2022-08-25 | CVE-2021-43767 | Improper Certificate Validation vulnerability in Postgresql. Odyssey passes to client unencrypted bytes from man-in-the-middle. When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. | 5.9 |
2022-08-23 | CVE-2020-35509 | Improper Certificate Validation vulnerability in Redhat Keycloak 11.0.3/12.0.0. A flaw was found in Keycloak affecting versions 11.0.3 and 12.0.0. | 5.4 |
2022-08-16 | CVE-2022-37437 | Improper Certificate Validation vulnerability in Splunk 9.0.0. When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. | 9.8 |
2022-08-16 | CVE-2022-34156 | Improper Certificate Validation vulnerability in Hjholdings Hulu. 'Hulu / フールー' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | 4.8 |
2022-08-04 | CVE-2022-34865 | Improper Certificate Validation vulnerability in F5 products. In BIG-IP versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. | 9.1 |
2022-08-01 | CVE-2022-31183 | Improper Certificate Validation vulnerability in Typelevel FS2. fs2 is a compositional, streaming I/O library for Scala. | 9.8 |
2022-07-28 | CVE-2022-1805 | Improper Certificate Validation vulnerability in Teradici Tera2 Pcoip Zero Client Firmware. When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. | 8.1 |