Vulnerabilities > Improper Certificate Validation
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-07-15 | CVE-2021-34558 | Improper Certificate Validation vulnerability in multiple products | The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | 6.5 |
2021-07-13 | CVE-2021-32755 | Improper Certificate Validation vulnerability in Wire | Wire is a collaboration platform. | 4.3 |
2021-07-12 | CVE-2021-32727 | Improper Certificate Validation vulnerability in Nextcloud | Nextcloud Android Client is the Android client for Nextcloud. | 7.5 |
2021-07-12 | CVE-2021-36377 | Improper Certificate Validation vulnerability in multiple products | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | 7.5 |
2021-07-12 | CVE-2021-3547 | Improper Certificate Validation vulnerability in OpenVPN 3.6/3.6.1 | OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration. | 7.4 |
2021-07-09 | CVE-2021-36371 | Improper Certificate Validation vulnerability in Getambassador Emissary-Ingress | Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. | 3.7 |
2021-06-29 | CVE-2021-1134 | Improper Certificate Validation vulnerability in Cisco DNA Center | A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. | 7.4 |
2021-06-24 | CVE-2021-21571 | Improper Certificate Validation vulnerability in Dell products | Dell UEFI BIOS HTTPS stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. | 6.5 |
2021-06-22 | CVE-2020-15732 | Improper Certificate Validation vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security | Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. | 7.5 |
2021-06-16 | CVE-2021-1566 | Improper Certificate Validation vulnerability in Cisco AsyncOS and Email Security Appliance | A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. | 7.4 |