Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2021-02-23 CVE-2021-20230
A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options.
0.0
2021-02-19 CVE-2020-24392 Improper Certificate Validation vulnerability in Twitter-Stream Project Twitter-Stream 0.1.10
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
4.3
2021-02-17 CVE-2021-26911 Improper Certificate Validation vulnerability in multiple products
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.
5.8
2021-02-16 CVE-2020-29457 Improper Certificate Validation vulnerability in Opcfoundation Ua-.Netstandard
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates.
local
low complexity
opcfoundation CWE-295
2.1
2021-02-12 CVE-2021-20649 Improper Certificate Validation vulnerability in Elecom Wrc-300Febk-S Firmware
ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability.
network
elecom CWE-295
5.8
2021-02-10 CVE-2021-0341 Improper Certificate Validation vulnerability in Google Android
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto.
network
low complexity
google CWE-295
5.0
2021-02-06 CVE-2020-5812 Improper Certificate Validation vulnerability in Tenable Nessus Amazon Machine Image
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
network
tenable CWE-295
4.3
2021-02-04 CVE-2021-1354 Improper Certificate Validation vulnerability in Cisco Unified Computing System Central Software
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM).
low complexity
cisco CWE-295
2.7
2021-01-29 CVE-2021-3336 Improper Certificate Validation vulnerability in Wolfssl
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED25519, ED448, ECC, or RSA signature without the corresponding certificate).
network
low complexity
wolfssl CWE-295
7.5
2021-01-26 CVE-2021-3309 Improper Certificate Validation vulnerability in Wekan Project Wekan
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,
6.8