Vulnerabilities > Improper Certificate Validation

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-08-05 | CVE-2021-22926 | Improper Certificate Validation vulnerability in multiple products | libcurl-using applications can ask for a specific client certificate to be used in a transfer. | network | low complexity | haxx, netapp, oracle, siemens, splunk | CWE-295 | 7.5 |
| 2021-08-05 | CVE-2021-32581 | Improper Certificate Validation vulnerability in Acronis products | Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation. | network | low complexity | acronis | CWE-295 | 8.1 |
| 2021-07-30 | CVE-2021-35193 | Improper Certificate Validation vulnerability in Pattersondental Eaglesoft | Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). | network | low complexity | pattersondental | CWE-295 | 7.5 |
| 2021-07-26 | CVE-2020-12681 | Improper Certificate Validation vulnerability in 3Xlogic Infinias Eidc32 Firmware 2.213/3.4.125 | Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied. | network | low complexity | 3xlogic | CWE-295 | 7.5 |
| 2021-07-19 | CVE-2020-36425 | Improper Certificate Validation vulnerability in multiple products | An issue was discovered in Arm Mbed TLS before 2.24.0. | network | low complexity | arm, debian | CWE-295 | 5.3 |
| 2021-07-17 | CVE-2021-32574 | Improper Certificate Validation vulnerability in Hashicorp Consul | HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. | network | low complexity | hashicorp | CWE-295 | 7.5 |
| 2021-07-15 | CVE-2021-34558 | Improper Certificate Validation vulnerability in multiple products | The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | network | low complexity | golang, fedoraproject, netapp, oracle | CWE-295 | 6.5 |
| 2021-07-13 | CVE-2021-32755 | Improper Certificate Validation vulnerability in Wire | Wire is a collaboration platform. | network | low complexity | wire | CWE-295 | 4.3 |
| 2021-07-12 | CVE-2021-32727 | Improper Certificate Validation vulnerability in Nextcloud | Nextcloud Android Client is the Android client for Nextcloud. | network | low complexity | nextcloud | CWE-295 | 7.5 |
| 2021-07-12 | CVE-2021-36377 | Improper Certificate Validation vulnerability in multiple products | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | network | low complexity | fossil-scm, fedoraproject | CWE-295 | 7.5 |