Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-37218 | Improper Certificate Validation vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. | 8.8 |
| 2021-09-07 | CVE-2021-37219 | Improper Certificate Validation vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. | 8.8 |
| 2021-08-30 | CVE-2021-27018 | Improper Certificate Validation vulnerability in Puppet Remediate The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. | 7.5 |
| 2021-08-23 | CVE-2020-36477 | Improper Certificate Validation vulnerability in ARM Mbed TLS An issue was discovered in Mbed TLS before 2.24.0. | 5.9 |
| 2021-08-23 | CVE-2020-36478 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). | 7.5 |
| 2021-08-22 | CVE-2021-39365 | Improper Certificate Validation vulnerability in multiple products In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. | 5.9 |
| 2021-08-22 | CVE-2021-39358 | Improper Certificate Validation vulnerability in multiple products In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. | 5.9 |
| 2021-08-22 | CVE-2021-39359 | Improper Certificate Validation vulnerability in multiple products In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. | 5.9 |
| 2021-08-22 | CVE-2021-39360 | Improper Certificate Validation vulnerability in multiple products In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. | 5.9 |
| 2021-08-22 | CVE-2021-39361 | Improper Certificate Validation vulnerability in Gnome Evolution-Rss In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. | 5.9 |