Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2021-3698 | Improper Certificate Validation vulnerability in multiple products A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). | 7.5 |
| 2022-03-04 | CVE-2022-22946 | Improper Certificate Validation vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. | 5.5 |
| 2022-02-24 | CVE-2021-44531 | Improper Certificate Validation vulnerability in multiple products Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. | 7.4 |
| 2022-02-24 | CVE-2021-44532 | Improper Certificate Validation vulnerability in multiple products Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. | 5.3 |
| 2022-02-24 | CVE-2021-44533 | Improper Certificate Validation vulnerability in multiple products Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. | 5.3 |
| 2022-02-24 | CVE-2021-25636 | Improper Certificate Validation vulnerability in multiple products LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. | 7.5 |
| 2022-02-24 | CVE-2022-25638 | Improper Certificate Validation vulnerability in Wolfssl In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. | 6.5 |
| 2022-02-24 | CVE-2022-25640 | Improper Certificate Validation vulnerability in Wolfssl In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. | 7.5 |
| 2022-02-18 | CVE-2021-29656 | Improper Certificate Validation vulnerability in Pexip Infinity Connect Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. | 9.8 |
| 2022-02-16 | CVE-2022-22885 | Improper Certificate Validation vulnerability in Hutool 5.7.18 Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation. | 9.8 |