Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-13 | CVE-2021-22138 | Improper Certificate Validation vulnerability in Elastic Logstash In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. | 3.7 |
| 2021-05-13 | CVE-2021-32919 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in Prosody before 0.11.9. | 7.5 |
| 2021-05-07 | CVE-2021-29495 | Improper Certificate Validation vulnerability in Nim-Lang NIM Nim is a statically typed compiled systems programming language. | 7.5 |
| 2021-05-07 | CVE-2020-36127 | Improper Certificate Validation vulnerability in Paxtechnology Paxstore 7.0.820200511171508 Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. | 6.5 |
| 2021-04-26 | CVE-2021-20695 | Improper Certificate Validation vulnerability in Dlink Dap-1880Ac Firmware 1.21 Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors. | 8.8 |
| 2021-04-23 | CVE-2021-31597 | Improper Certificate Validation vulnerability in Xmlhttprequest-Ssl Project Xmlhttprequest-Ssl The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. | 9.4 |
| 2021-04-22 | CVE-2021-29653 | Improper Certificate Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. | 7.5 |
| 2021-04-22 | CVE-2021-27400 | Improper Certificate Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. | 7.5 |
| 2021-04-13 | CVE-2021-3460 | Improper Certificate Validation vulnerability in Motorola Mh702X Firmware The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker. | 9.8 |
| 2021-04-12 | CVE-2020-7924 | Improper Certificate Validation vulnerability in Mongodb Database Tools and Mongomirror Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. | 6.5 |