Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2021-02-23 CVE-2021-27189 Improper Certificate Validation vulnerability in Cira Canadian Shield
The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation.
network
high complexity
cira CWE-295
5.9
2021-02-19 CVE-2020-24393 Improper Certificate Validation vulnerability in Tweetstream Project Tweetstream 2.6.1
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation.
network
high complexity
tweetstream-project CWE-295
5.9
2021-02-19 CVE-2020-24392 Improper Certificate Validation vulnerability in Twitter-Stream Project Twitter-Stream 0.1.10
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
network
high complexity
twitter-stream-project CWE-295
5.9
2021-02-17 CVE-2021-26911 Improper Certificate Validation vulnerability in multiple products
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.
network
high complexity
canarymail libmailcore CWE-295
7.4
2021-02-16 CVE-2020-29457 Improper Certificate Validation vulnerability in Opcfoundation Ua-.Netstandard
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
local
low complexity
opcfoundation CWE-295
4.4
2021-02-12 CVE-2021-20649 Improper Certificate Validation vulnerability in Elecom Wrc-300Febk-S Firmware
ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability.
network
high complexity
elecom CWE-295
4.8
2021-02-10 CVE-2021-0341 Improper Certificate Validation vulnerability in Google Android
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto.
network
low complexity
google CWE-295
7.5
2021-02-09 CVE-2020-4791 Improper Certificate Validation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation.
high complexity
ibm CWE-295
5.3
2021-02-06 CVE-2020-5812 Improper Certificate Validation vulnerability in Tenable Nessus Amazon Machine Image 8.12.0
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
network
high complexity
tenable CWE-295
5.9
2021-02-04 CVE-2021-1354 Improper Certificate Validation vulnerability in Cisco Unified Computing System Central Software
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM).
low complexity
cisco CWE-295
3.5