Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2021-44533 | Improper Certificate Validation vulnerability in multiple products Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. | 5.3 |
| 2022-02-24 | CVE-2021-25636 | Improper Certificate Validation vulnerability in multiple products LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. | 7.5 |
| 2022-02-24 | CVE-2022-25638 | Improper Certificate Validation vulnerability in Wolfssl In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. | 6.5 |
| 2022-02-24 | CVE-2022-25640 | Improper Certificate Validation vulnerability in Wolfssl In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. | 7.5 |
| 2022-02-18 | CVE-2021-29656 | Improper Certificate Validation vulnerability in Pexip Infinity Connect Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. | 9.8 |
| 2022-02-16 | CVE-2022-22885 | Improper Certificate Validation vulnerability in Hutool 5.7.18 Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation. | 9.8 |
| 2022-02-11 | CVE-2022-24968 | Improper Certificate Validation vulnerability in Mellium Xmpp In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. | 5.9 |
| 2022-02-10 | CVE-2022-20703 | Improper Certificate Validation vulnerability in Cisco products Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | 8.0 |
| 2022-02-09 | CVE-2022-20034 | Improper Certificate Validation vulnerability in Google Android 11.0 In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. | 6.8 |
| 2022-02-09 | CVE-2022-24319 | Improper Certificate Validation vulnerability in Schneider-Electric products A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. | 5.9 |