Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-295

CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,397 vulnerabilities with CWE-295

CVE-2024-45159 CRITICAL

Mbed TLS 3.2.0-3.6.0 - Improper Certificate Validation in TLS 1.3 Client Authentication

CVE-2024-8285 MEDIUM

Kroxylicious Kafka TLS - Hostname Verification Bypass

CVE-2024-39771 MEDIUM

Safie QBiC CLOUD CC-2L < 1.1.30 & Safie One < 1.8.2 - MITM via Improper Certificate Validation

CVE-2024-41996 HIGH

Diffie-Hellman Key Agreement Protocol - Resource Consumption

CVE-2024-45234 HIGH

nicmx fort-validator < 1.6.3 - Denial of Service via Non-Canonical BER SignedAttrs

CVE-2024-37311 HIGH

Collabora Online - SSL Incomplete Verification

CVE-2024-8007 HIGH

Red Hat OpenStack Platform - Improper Certificate Validation in Container Image Deployment

CVE-2024-32928 MEDIUM

Google Nest Mini Firmware - Improper Certificate Validation in libcurl

CVE-2024-7570 HIGH

Ivanti Neurons for ITSM 2023.4 and earlier - Improper Certificate Validation

CVE-2024-5445 LOW

Ecosystem Agent <4.1.5.2597 & <5.1.4.2473 - SSL/TLS Validation

CVE-2024-42395 CRITICAL

AP Certificate Management Service - Unauthenticated RCE

CVE-2024-7383 HIGH

Red Hat Enterprise Linux 8 - Improper Certificate Validation in libnbd

CVE-2024-6472 HIGH

LibreOffice <24.2.5 - Info Disclosure

CVE-2024-32865 MEDIUM

exacqVision Server < 24.06 - Improper TLS Certificate Validation

CVE-2024-41264 HIGH

casdoor 1.636.0 - Improper Certificate Validation via Insecure SSH Host Key Handling

CVE-2024-41258 MEDIUM

filestash < 0.4 - Man-in-the-Middle Attack via Insecure SSH Host Key Verification

CVE-2024-41256 MEDIUM

filestash < 0.4 - Improper Certificate Validation in ShareProofVerifier

CVE-2024-40464 HIGH

beego <2.2.0 - Privilege Escalation

CVE-2024-4786 LOW

Lenovo Tab K10 - Improper Certificate Validation

CVE-2024-28872 HIGH

ISC Stork 0.15.0-1.15.0 - Improper Certificate Validation

CVE-2024-37865 MEDIUM

S3Browser < 11.7.5 - Improper Certificate Validation

CVE-2024-39698 HIGH

electron-builder < 6.3.0 - Signature Validation Bypass via Environment Variable Expansion

CVE-2024-28067 MEDIUM

Samsung Exynos Modem 5300 Firmware - Man-in-the-Middle Security Mode Downgrade

CVE-2024-33509 MEDIUM

FortiWeb 6.3.0-7.2.1 - Unauthenticated Improper Certificate Validation

CVE-2024-39312 MEDIUM

Botan < 2.19.5 - Improper Certificate Validation in X.509 Name Constraint Extension

Previous Page 15 of 56 Next

Details

Vulnerabilities 1,397

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy