Total: 1411 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0509 | 2 Pyload, Pyload-ng Project | 2 Pyload, Pyload-ng | 2026-06-17 | N/A | 7.4 HIGH |
| Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44. | |||||
| CVE-2023-0466 | 1 Openssl | 1 Openssl | 2026-06-17 | N/A | 5.3 MEDIUM |
| The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. | |||||
| CVE-2023-0465 | 1 Openssl | 1 Openssl | 2026-06-17 | N/A | 5.3 MEDIUM |
| Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. | |||||
| CVE-2023-0464 | 1 Openssl | 1 Openssl | 2026-06-17 | N/A | 7.5 HIGH |
| A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. | |||||
| CVE-2023-0430 | 1 Mozilla | 1 Thunderbird | 2026-06-17 | N/A | 6.5 MEDIUM |
| Certificate OCSP revocation status was not checked when verifying S/MIME signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1. | |||||
| CVE-2022-4895 | 2 Hitachi, Linux | 3 Infrastructure Analytics Advisor, Ops Center Analyzer, Linux Kernel | 2026-06-17 | N/A | 8.6 HIGH |
| Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component) and Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows a man-in-the-middle attack. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00. | |||||
| CVE-2022-48437 | 1 Openbsd | 2 Libressl, Openbsd | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate. | |||||
| CVE-2022-48308 | 1 Palantir | 1 Sls-logging | 2026-06-17 | N/A | 6.3 MEDIUM |
| It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. | |||||
| CVE-2022-48307 | 1 Palantir | 1 Magritte-ftp | 2026-06-17 | N/A | 6.3 MEDIUM |
| It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of a successful man in the middle attack on magritte-ftp, an attacker would be able to read and modify network traffic such as authentication tokens or raw data entering a Palantir Foundry stack. | |||||
| CVE-2022-48306 | 1 Palantir | 1 Gotham Chat Irc | 2026-06-17 | N/A | 5.7 MEDIUM |
| Improper Validation of Certificate with Host Mismatch vulnerability in the Gotham Chat IRC helper of Palantir Gotham allows a malicious attacker in a privileged network position to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242. | |||||
| CVE-2022-48186 | 1 Lenovo | 1 Baiying | 2026-06-17 | N/A | 6.2 MEDIUM |
| A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. | |||||
| CVE-2022-47758 | 1 Nanoleaf | 1 Nanoleaf Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. | |||||
| CVE-2022-46496 | 1 Bticino | 1 Door Entry For Hometouch | 2026-06-17 | N/A | 5.9 MEDIUM |
| BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate. | |||||
| CVE-2022-46153 | 1 Traefik | 1 Traefik | 2026-06-17 | N/A | 8.1 HIGH |
| Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix their TLS options. | |||||
| CVE-2022-45856 | 1 Fortinet | 1 Forticlient | 2026-06-17 | N/A | 4.8 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider. | |||||
| CVE-2022-45597 | 1 Componentspace | 1 Saml | 2026-06-17 | N/A | 9.8 CRITICAL |
| ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates." | |||||
| CVE-2022-45458 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| Sensitive information disclosure and manipulation due to improper certificate validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984. | |||||
| CVE-2022-45457 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2026-06-17 | N/A | 7.5 HIGH |
| Sensitive information disclosure and manipulation due to improper certificate validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984. | |||||
| CVE-2022-45419 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 6.5 MEDIUM |
| If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted. This vulnerability affects Firefox < 107. | |||||
| CVE-2022-45391 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2026-06-17 | N/A | 7.5 HIGH |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. | |||||
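The three Palantir entries (CVE-2022-48308, CVE-2022-48307, CVE-2022-48306) and the Jenkins plugin entry (CVE-2022-45391) share one root cause: the TLS client may or may not have validated the chain, but it never checked that the presented certificate was issued for the host it dialled, so any certificate a valid CA had issued to anyone would do for a man-in-the-middle. The following is an added example, not code from Palantir, Jenkins or any other project in the table, showing what that missing check looks like using only Python's standard library: a subjectAltName matcher that follows the RFC 6125 rules, and a predicate that tells an `ssl.SSLContext` with both checks switched off (the CVE-2022-45391 pattern) from a correct one. The peer-certificate dictionary at the bottom is constructed test data shaped like `getpeercert()` output, not a captured certificate, and the wildcard and public-suffix handling is a deliberate simplification, labelled as such in the code.

```python
"""Hostname verification for a peer certificate, standard library only.

Added example: this is not code from any project listed above. The
certificate data at the bottom is constructed test input, not a real
certificate, and the wildcard rules are a simplification of RFC 6125.
"""
import ipaddress
import ssl
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class PeerCert:
    """Identity fields of a leaf certificate that hostname checking uses."""
    dns_names: List[str] = field(default_factory=list)     # SAN dNSName
    ip_addresses: List[str] = field(default_factory=list)  # SAN iPAddress
    common_name: Optional[str] = None                      # subject CN (legacy)


def peer_cert_from_getpeercert(info: dict) -> PeerCert:
    """Build a PeerCert from the dict ssl.SSLSocket.getpeercert() returns."""
    cert = PeerCert()
    for kind, value in info.get("subjectAltName", ()):
        if kind == "DNS":
            cert.dns_names.append(value)
        elif kind == "IP Address":
            cert.ip_addresses.append(value)
    for rdn in info.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                cert.common_name = value
    return cert


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName (possibly wildcarded) against a hostname.

    Rules, after RFC 6125 section 6.4.3: comparison is case-insensitive;
    a single '*' is allowed only as the entire leftmost label; it covers
    exactly one label (never 'a.b' for '*.example.com'); and a wildcard
    needs at least two fixed labels to its right, so '*.com' is rejected
    (a simplification of real public-suffix handling)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname or "*" in hostname:
        return False
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or any("*" in lab for lab in p_labels[1:]):
        return False  # wildcard must be exactly the leftmost label
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False  # no '*.com'; '*' spans one label only
    return p_labels[1:] == h_labels[1:]


def _parse_ip(text: str):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def verify_hostname(cert: PeerCert, hostname: str) -> bool:
    """True iff `cert` was issued for `hostname`.

    An IP literal matches only SAN iPAddress entries. A DNS name matches
    SAN dNSName entries; the subject CN is consulted only when the cert
    carries no dNSName at all (RFC 6125 section 6.4.4)."""
    wanted = _parse_ip(hostname)
    if wanted is not None:
        return any(_parse_ip(a) == wanted for a in cert.ip_addresses)
    if cert.dns_names:
        return any(dns_name_matches(p, hostname) for p in cert.dns_names)
    return cert.common_name is not None and dns_name_matches(cert.common_name, hostname)


def context_checks_identity(ctx: ssl.SSLContext) -> bool:
    """True only if `ctx` validates the chain AND checks the hostname,
    which is the property the clients in the table lost."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def hardened_context() -> ssl.SSLContext:
    """What a client should use: the defaults leave both checks on."""
    return ssl.create_default_context()


def unverified_context() -> ssl.SSLContext:
    """The anti-pattern behind CVE-2022-45391: both checks switched off."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False   # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


# Constructed sample shaped like getpeercert() output; not a real cert.
SAMPLE_PEER = {
    "subject": ((("commonName", "legacy.example.com"),),),
    "subjectAltName": (
        ("DNS", "api.example.com"),
        ("DNS", "*.svc.example.com"),
        ("IP Address", "10.0.0.7"),
    ),
}

if __name__ == "__main__":
    cert = peer_cert_from_getpeercert(SAMPLE_PEER)
    for host in ("api.example.com", "db.svc.example.com",
                 "a.b.svc.example.com", "legacy.example.com", "10.0.0.7"):
        print(f"{host:24} -> {verify_hostname(cert, host)}")
    print("default context checks identity:", context_checks_identity(hardened_context()))
    print("disabled context checks identity:", context_checks_identity(unverified_context()))
```

In ordinary client code the right fix is the one-liner: keep `ssl.create_default_context()` (or the platform equivalent, e.g. an `HttpsURLConnection`/`HostnameVerifier` pair rather than a bare `SSLSocketFactory` in Java) and never clear `check_hostname`. The explicit matcher is for the cases where the library has already handed you a chain-validated but identity-unchecked socket and you must bolt the missing check on yourself; note that the CN is ignored as soon as the certificate carries any dNSName, which is why the sample's `legacy.example.com` CN does not rescue a host mismatch.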
