Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2020-36478 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-295
7.5
2021-08-22 CVE-2021-39365 Improper Certificate Validation vulnerability in multiple products
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome debian CWE-295
5.9
2021-08-22 CVE-2021-39358 Improper Certificate Validation vulnerability in multiple products
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome fedoraproject CWE-295
5.9
2021-08-22 CVE-2021-39359 Improper Certificate Validation vulnerability in multiple products
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome fedoraproject CWE-295
5.9
2021-08-22 CVE-2021-39360 Improper Certificate Validation vulnerability in multiple products
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome fedoraproject CWE-295
5.9
2021-08-22 CVE-2021-39361 Improper Certificate Validation vulnerability in Gnome Evolution-Rss
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks.
network
high complexity
gnome CWE-295
5.9
2021-08-19 CVE-2021-37698 Improper Certificate Validation vulnerability in multiple products
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting.
network
low complexity
icinga debian CWE-295
7.5
2021-08-16 CVE-2021-22939 Improper Certificate Validation vulnerability in multiple products
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
network
low complexity
nodejs oracle netapp siemens debian CWE-295
5.3
2021-08-13 CVE-2021-32069 Improper Certificate Validation vulnerability in Mitel Micollab
The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation.
network
high complexity
mitel CWE-295
4.8
2021-08-13 CVE-2021-31399 Improper Certificate Validation vulnerability in 2N Access Unit 2.0 Firmware 2.31.0.40.5
On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.
network
high complexity
2n CWE-295
5.9