Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2021-09-08 CVE-2021-1837 Improper Certificate Validation vulnerability in Apple Ipados and Iphone OS
A certificate validation issue was addressed.
network
apple CWE-295
4.3
2021-09-07 CVE-2021-37218 Improper Certificate Validation vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation.
network
low complexity
hashicorp CWE-295
6.5
2021-09-07 CVE-2021-37219 Improper Certificate Validation vulnerability in Hashicorp Consul
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation.
network
low complexity
hashicorp CWE-295
6.5
2021-08-30 CVE-2021-27018 Improper Certificate Validation vulnerability in Puppet Remediate
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated.
network
puppet CWE-295
4.3
2021-08-23 CVE-2020-36477 Improper Certificate Validation vulnerability in ARM Mbed TLS
An issue was discovered in Mbed TLS before 2.24.0.
network
arm CWE-295
4.3
2021-08-23 CVE-2020-36478 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens CWE-295
5.0
2021-08-22 CVE-2021-39365 Improper Certificate Validation vulnerability in multiple products
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks.
network
gnome debian CWE-295
4.3
2021-08-22 CVE-2021-39358 Improper Certificate Validation vulnerability in Gnome Libgfbgraph
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
gnome CWE-295
4.3
2021-08-22 CVE-2021-39359 Improper Certificate Validation vulnerability in Gnome Libgda
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
gnome CWE-295
4.3
2021-08-22 CVE-2021-39360 Improper Certificate Validation vulnerability in Gnome Libzapojit 0.0.1/0.0.2/0.0.3
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
gnome CWE-295
4.3