Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2024-07-31 CVE-2024-41256 Improper Certificate Validation vulnerability in Filestash
Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack.
network
high complexity
filestash CWE-295
5.9
2024-07-11 CVE-2024-28872 Improper Certificate Validation vulnerability in ISC Stork
The TLS certificate validation code is flawed.
network
high complexity
isc CWE-295
8.1
2024-07-09 CVE-2024-37865 Improper Certificate Validation vulnerability in S3Browser S3 Browser
An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component.
network
high complexity
s3browser CWE-295
5.9
2024-07-09 CVE-2024-39698 Improper Certificate Validation vulnerability in Electron Electron-Builder
electron-updater allows for automatic updates for Electron apps.
network
high complexity
electron CWE-295
7.5
2024-07-08 CVE-2024-39312 Improper Certificate Validation vulnerability in Botan Project Botan
Botan is a C++ cryptography library.
network
low complexity
botan-project CWE-295
5.3
2024-06-11 CVE-2024-28021 Improper Certificate Validation vulnerability in Hitachienergy Foxman-Un, Foxman UN and Unem
A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation.
network
high complexity
hitachienergy CWE-295
7.4
2024-05-16 CVE-2024-35299 Improper Certificate Validation vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation
network
low complexity
jetbrains CWE-295
7.5
2024-05-08 CVE-2024-33612 Improper Certificate Validation vulnerability in F5 Big-Ip Next Central Manager 20.1.0
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system.
network
high complexity
f5 CWE-295
8.0
2024-05-07 CVE-2024-0042 Improper Certificate Validation vulnerability in Google Android
In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto.
local
low complexity
google CWE-295
7.8
2024-04-09 CVE-2024-29050 Improper Certificate Validation vulnerability in Microsoft products
Windows Cryptographic Services Remote Code Execution Vulnerability
local
low complexity
microsoft CWE-295
7.8