Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-26 | CVE-2023-49312 | Improper Certificate Validation vulnerability in Precisionbridge Precision Bridge Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address. | 9.1 |
| 2023-11-22 | CVE-2023-43082 | Improper Certificate Validation vulnerability in Dell products Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. | 5.9 |
| 2023-11-16 | CVE-2023-48052 | Improper Certificate Validation vulnerability in Httpie 3.2.2 Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | 7.4 |
| 2023-11-16 | CVE-2023-48054 | Improper Certificate Validation vulnerability in Localstack 2.3.2 Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | 7.4 |
| 2023-11-07 | CVE-2023-42532 | Improper Certificate Validation vulnerability in Samsung Android 11.0/12.0 Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information. | 7.5 |
| 2023-11-01 | CVE-2023-46724 | Improper Certificate Validation vulnerability in Squid-Cache Squid Squid is a caching proxy for the Web. | 7.5 |
| 2023-10-31 | CVE-2023-42425 | Improper Certificate Validation vulnerability in Turing Edge+ Evc5Fd Firmware 1.38.6 An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components. | 9.8 |
| 2023-10-26 | CVE-2023-31421 | Improper Certificate Validation vulnerability in Elastic products It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. | 7.5 |
| 2023-10-25 | CVE-2023-31580 | Improper Certificate Validation vulnerability in Networknt Light-Oauth2 light-oauth2 before version 2.1.27 obtains the public key without any verification. | 5.9 |
| 2023-10-17 | CVE-2022-3761 | Improper Certificate Validation vulnerability in Openvpn Connect OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials | 5.9 |