Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-08 | CVE-2024-33612 | Improper Certificate Validation vulnerability in F5 Big-Ip Next Central Manager 20.1.0 An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. | 8.0 |
| 2024-05-07 | CVE-2024-0042 | Improper Certificate Validation vulnerability in Google Android In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. | 7.8 |
| 2024-04-09 | CVE-2024-29050 | Improper Certificate Validation vulnerability in Microsoft products Windows Cryptographic Services Remote Code Execution Vulnerability | 7.8 |
| 2024-04-01 | CVE-2024-27323 | Improper Certificate Validation vulnerability in Pdf-Xchange Pdf-Tools and Pdf-Xchange Editor PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. | 7.5 |
| 2024-03-07 | CVE-2024-1351 | Improper Certificate Validation vulnerability in multiple products Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. | 9.8 |
| 2024-02-15 | CVE-2023-40104 | Improper Certificate Validation vulnerability in Google Android In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. | 7.5 |
| 2024-02-07 | CVE-2023-32330 | Improper Certificate Validation vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. | 9.8 |
| 2024-02-06 | CVE-2024-25140 | Improper Certificate Validation vulnerability in Rustdesk 1.2.3 A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. | 9.8 |
| 2024-02-05 | CVE-2024-1052 | Improper Certificate Validation vulnerability in Hashicorp Boundary Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. | 8.0 |
| 2024-02-03 | CVE-2024-0853 | Improper Certificate Validation vulnerability in Haxx Curl 8.5.0 curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. | 5.3 |