Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2022-45856 Improper Certificate Validation vulnerability in Fortinet Forticlient
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.
network
high complexity
fortinet CWE-295
5.9
2024-09-10 CVE-2024-31489 Improper Certificate Validation vulnerability in Fortinet Forticlient
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation.
network
high complexity
fortinet CWE-295
8.1
2024-09-06 CVE-2024-38642 Improper Certificate Validation vulnerability in Qnap Qumagie 2.3.0
An improper certificate validation vulnerability has been reported to affect QuMagie.
local
low complexity
qnap CWE-295
7.8
2024-09-05 CVE-2024-45159 Improper Certificate Validation vulnerability in ARM Mbed TLS
An issue was discovered in Mbed TLS 3.x before 3.6.1.
network
low complexity
arm CWE-295
critical
9.8
2024-08-30 CVE-2024-8285 Improper Certificate Validation vulnerability in Redhat Kroxylicious
A flaw was found in Kroxylicious.
network
high complexity
redhat CWE-295
5.9
2024-08-28 CVE-2024-39771 Improper Certificate Validation vulnerability in Safie Qbic Cloud Cc-2/2L Firmware and Safie ONE Firmware
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack.
high complexity
safie CWE-295
6.8
2024-08-13 CVE-2024-7570 Improper Certificate Validation vulnerability in Ivanti Neurons for Itsm 2023.2/2023.3/2023.4
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
network
high complexity
ivanti CWE-295
8.1
2024-08-01 CVE-2024-32865 Improper Certificate Validation vulnerability in Johnsoncontrols Exacqvision Server 21.06.11.0/9.6/9.8
Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices.
low complexity
johnsoncontrols CWE-295
7.3
2024-08-01 CVE-2024-41264 Improper Certificate Validation vulnerability in Casbin Casdoor 1.636.0
An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method.
network
low complexity
casbin CWE-295
7.5
2024-07-31 CVE-2024-40464 Improper Certificate Validation vulnerability in Beego
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in the beego/core/logs/smtp.go file.
network
low complexity
beego CWE-295
8.8