Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-7570 Improper Certificate Validation vulnerability in Ivanti Neurons for Itsm 2023.2/2023.3/2023.4
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
network
high complexity
ivanti CWE-295
8.1
2024-08-01 CVE-2024-32865 Improper Certificate Validation vulnerability in Johnsoncontrols Exacqvision Server 21.06.11.0/9.6/9.8
Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices.
low complexity
johnsoncontrols CWE-295
7.3
2024-08-01 CVE-2024-41264 Improper Certificate Validation vulnerability in Casbin Casdoor 1.636.0
An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method.
network
low complexity
casbin CWE-295
7.5
2024-07-31 CVE-2024-40464 Improper Certificate Validation vulnerability in Beego
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in the beego/core/logs/smtp.go file.
network
low complexity
beego CWE-295
8.8
2024-07-31 CVE-2024-41256 Improper Certificate Validation vulnerability in Filestash
Default configurations in the ShareProofVerifier function of filestash v0.4 cause the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack.
network
high complexity
filestash CWE-295
5.9
2024-07-11 CVE-2024-28872 Improper Certificate Validation vulnerability in ISC Stork
The TLS certificate validation code is flawed.
network
high complexity
isc CWE-295
8.1
2024-07-09 CVE-2024-37865 Improper Certificate Validation vulnerability in S3Browser S3 Browser
An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component.
network
high complexity
s3browser CWE-295
5.9
2024-07-09 CVE-2024-39698 Improper Certificate Validation vulnerability in Electron Electron-Builder
electron-updater allows for automatic updates for Electron apps.
network
high complexity
electron CWE-295
7.5
2024-07-09 CVE-2023-50178 Improper Certificate Validation vulnerability in Fortinet Fortiadc
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud.
network
high complexity
fortinet CWE-295
7.4
2024-07-09 CVE-2023-50179 Improper Certificate Validation vulnerability in Fortinet Fortiadc
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors.
network
high complexity
fortinet CWE-295
5.9