Vulnerabilities > Improper Certificate Validation
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2021-02-23 | CVE-2021-20230 | | A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. | 0.0 |
| 2021-02-19 | CVE-2020-24392 | Improper Certificate Validation vulnerability in Twitter-Stream Project Twitter-Stream 0.1.10 | In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused). | 4.3 |
| 2021-02-17 | CVE-2021-26911 | Improper Certificate Validation vulnerability in multiple products | core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. | 5.8 |
| 2021-02-16 | CVE-2020-29457 | Improper Certificate Validation vulnerability in Opcfoundation Ua-.Netstandard | A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates. | 2.1 |
| 2021-02-12 | CVE-2021-20649 | Improper Certificate Validation vulnerability in Elecom Wrc-300Febk-S Firmware | ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. | 5.8 |
| 2021-02-10 | CVE-2021-0341 | Improper Certificate Validation vulnerability in Google Android | In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. | 5.0 |
| 2021-02-06 | CVE-2020-5812 | Improper Certificate Validation vulnerability in Tenable Nessus Amazon Machine Image | Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | 4.3 |
| 2021-02-04 | CVE-2021-1354 | Improper Certificate Validation vulnerability in Cisco Unified Computing System Central Software | A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). | 2.7 |
| 2021-01-29 | CVE-2021-3336 | Improper Certificate Validation vulnerability in Wolfssl | DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED25519, ED448, ECC, or RSA signature without the corresponding certificate). | 7.5 |
| 2021-01-26 | CVE-2021-3309 | Improper Certificate Validation vulnerability in Wekan Project Wekan | packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store, | 6.8 |