Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2021-02-06 CVE-2020-5812 Improper Certificate Validation vulnerability in Tenable Nessus Amazon Machine Image 8.12.0
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate, which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
network
high complexity
tenable CWE-295
5.9
2021-01-29 CVE-2021-3336 Improper Certificate Validation vulnerability in Wolfssl
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED25519, ED448, ECC, or RSA signature without the corresponding certificate).
network
high complexity
wolfssl CWE-295
8.1
2021-01-26 CVE-2021-3309 Improper Certificate Validation vulnerability in Wekan Project Wekan
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,
network
high complexity
wekan-project CWE-295
8.1
2021-01-26 CVE-2021-3285 Improper Certificate Validation vulnerability in TI Code Composer Studio Integrated Development Environment
jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.
network
low complexity
ti CWE-295
5.3
2021-01-15 CVE-2021-3162 Improper Certificate Validation vulnerability in Docker
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
local
low complexity
docker CWE-295
7.8
2021-01-15 CVE-2020-35733 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Erlang/OTP before 23.2.2.
network
low complexity
erlang fedoraproject CWE-295
7.5
2021-01-11 CVE-2020-24025 Improper Certificate Validation vulnerability in Sass-Lang Node-Sass
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
network
low complexity
sass-lang CWE-295
5.3
2020-12-30 CVE-2019-16281 Improper Certificate Validation vulnerability in Ptarmigan Project Ptarmigan 0.2.0/0.2.1/0.2.2
Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} return false;" code block.
network
low complexity
ptarmigan-project CWE-295
7.5
2020-12-27 CVE-2020-8289 Improper Certificate Validation vulnerability in Backblaze 7.0.0.439
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in the `bztransmit` helper due to a hardcoded whitelist of strings in URLs where validation is disabled, leading to possible remote code execution via client update functionality.
local
low complexity
backblaze CWE-295
7.8
2020-12-24 CVE-2020-5684 Improper Certificate Validation vulnerability in NEC ISM Server 5.1
iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express do not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate.
network
high complexity
nec CWE-295
4.8