Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-07 | CVE-2024-0042 | Improper Certificate Validation vulnerability in Google Android In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. | 7.8 |
| 2024-04-01 | CVE-2024-27323 | Improper Certificate Validation vulnerability in Pdf-Xchange Pdf-Tools and Pdf-Xchange Editor PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. | 7.5 |
| 2024-02-15 | CVE-2023-40104 | Improper Certificate Validation vulnerability in Google Android In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. | 7.5 |
| 2024-02-07 | CVE-2023-32330 | Improper Certificate Validation vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. | 9.8 |
| 2024-02-06 | CVE-2024-25140 | Improper Certificate Validation vulnerability in Rustdesk 1.2.3 A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. | 9.8 |
| 2024-02-05 | CVE-2024-1052 | Improper Certificate Validation vulnerability in Hashicorp Boundary Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. | 8.0 |
| 2024-02-03 | CVE-2024-0853 | Improper Certificate Validation vulnerability in Haxx Curl 8.5.0 curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. | 5.3 |
| 2024-02-02 | CVE-2020-29504 | Improper Certificate Validation vulnerability in Dell products Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. | 9.8 |
| 2024-01-31 | CVE-2023-28807 | Improper Certificate Validation vulnerability in Zscaler Secure Internet and Saas Access In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic. | 7.5 |
| 2024-01-30 | CVE-2023-51837 | Improper Certificate Validation vulnerability in Meshcentral 1.1.16 Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. | 9.8 |