Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2020-28907 | Improper Certificate Validation vulnerability in Nagios Fusion Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh. | 9.8 |
| 2021-05-17 | CVE-2007-5967 | Improper Certificate Validation vulnerability in Mozilla Firefox A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. | 6.5 |
| 2021-05-13 | CVE-2021-22138 | Improper Certificate Validation vulnerability in Elastic Logstash In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. | 3.7 |
| 2021-05-13 | CVE-2021-32919 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in Prosody before 0.11.9. | 7.5 |
| 2021-05-07 | CVE-2021-29495 | Improper Certificate Validation vulnerability in Nim-Lang NIM Nim is a statically typed compiled systems programming language. | 7.5 |
| 2021-05-07 | CVE-2020-36127 | Improper Certificate Validation vulnerability in Paxtechnology Paxstore 7.0.820200511171508 Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. | 6.5 |
| 2021-04-26 | CVE-2021-20695 | Improper Certificate Validation vulnerability in Dlink Dap-1880Ac Firmware 1.21 Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors. | 8.8 |
| 2021-04-23 | CVE-2021-31597 | Improper Certificate Validation vulnerability in Xmlhttprequest-Ssl Project Xmlhttprequest-Ssl The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. | 9.4 |
| 2021-04-22 | CVE-2021-29653 | Improper Certificate Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. | 7.5 |
| 2021-04-22 | CVE-2021-27400 | Improper Certificate Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. | 7.5 |