Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2024-25140 | Improper Certificate Validation vulnerability in Rustdesk 1.2.3 A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. | 9.8 |
| 2024-02-05 | CVE-2024-1052 | Improper Certificate Validation vulnerability in Hashicorp Boundary Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. | 8.0 |
| 2024-02-03 | CVE-2024-0853 | Improper Certificate Validation vulnerability in Haxx Curl 8.5.0 curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. | 5.3 |
| 2024-02-02 | CVE-2020-29504 | Improper Certificate Validation vulnerability in Dell products Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. | 9.8 |
| 2024-01-31 | CVE-2023-28807 | Improper Certificate Validation vulnerability in Zscaler Secure Internet and Saas Access In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic. | 7.5 |
| 2024-01-30 | CVE-2023-51837 | Improper Certificate Validation vulnerability in Meshcentral 1.1.16 Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. | 9.8 |
| 2024-01-25 | CVE-2023-33757 | Improper Certificate Validation vulnerability in Splicecom Ipcs and Ipcs2 A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack. | 5.9 |
| 2024-01-25 | CVE-2023-33760 | Improper Certificate Validation vulnerability in Splicecom Maximiser Soft PBX SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. | 5.3 |
| 2023-12-21 | CVE-2023-5594 | Improper Certificate Validation vulnerability in Eset products Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. | 8.6 |
| 2023-12-19 | CVE-2023-1514 | Improper Certificate Validation vulnerability in Hitachienergy Rtu500 Scripting Interface 1.0.1.30/1.0.2/1.1.1 A vulnerability exists in the component RTU500 Scripting interface. | 7.5 |