Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-19 | CVE-2023-38355 | Improper Certificate Validation vulnerability in Minitool Movie Maker 7.0 MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 |
| 2023-09-19 | CVE-2023-38356 | Improper Certificate Validation vulnerability in Minitool Power Data Recovery 11.6 MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 |
| 2023-09-13 | CVE-2023-4801 | Improper Certificate Validation vulnerability in Proofpoint Insider Threat Management An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. | 7.5 |
| 2023-09-11 | CVE-2023-35845 | Improper Certificate Validation vulnerability in Anaconda Anaconda3 2023.031 Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. | 4.7 |
| 2023-09-06 | CVE-2023-30729 | Improper Certificate Validation vulnerability in Samsung Email Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information. | 7.5 |
| 2023-09-03 | CVE-2023-41180 | Improper Certificate Validation vulnerability in Apache Nifi Minifi C++ 0.13.0/0.14.0 Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotation. | 5.9 |
| 2023-09-01 | CVE-2022-22305 | Improper Certificate Validation vulnerability in Fortinet products An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers. | 4.2 |
| 2023-08-23 | CVE-2023-1409 | Improper Certificate Validation vulnerability in Mongodb If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. | 7.5 |
| 2023-08-23 | CVE-2023-39441 | Improper Certificate Validation vulnerability in Apache products Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability | 5.9 |
| 2023-08-14 | CVE-2023-21265 | Improper Certificate Validation vulnerability in Google Android In multiple locations, there are root CA certificates which need to be disabled. | 7.5 |