Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2020-12-27 CVE-2020-8289 Improper Certificate Validation vulnerability in Backblaze 7.0.0.439
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in the `bztransmit` helper due to a hardcoded whitelist of strings in URLs where validation is disabled, leading to possible remote code execution via the client update functionality.
local
low complexity
backblaze CWE-295
7.8
2020-12-24 CVE-2020-5684 Improper Certificate Validation vulnerability in NEC ISM Server 5.1
iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express do not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate.
network
high complexity
nec CWE-295
4.8
2020-12-15 CVE-2020-29663 Improper Certificate Validation vulnerability in Icinga
Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL.
network
low complexity
icinga CWE-295
critical
9.1
2020-12-14 CVE-2020-8286 Improper Certificate Validation vulnerability in multiple products
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
7.5
2020-12-02 CVE-2012-0955 Improper Certificate Validation vulnerability in Canonical Software-Properties 0.81.13.1/0.81.13.3
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py.
network
high complexity
canonical CWE-295
7.4
2020-11-30 CVE-2020-29440 Improper Certificate Validation vulnerability in Tesla Model X Firmware
Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM).
low complexity
tesla CWE-295
4.6
2020-11-19 CVE-2020-28942 Improper Certificate Validation vulnerability in Primekey Ejbca
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol.
network
low complexity
primekey CWE-295
4.3
2020-11-19 CVE-2020-8279 Improper Certificate Validation vulnerability in Nextcloud Social
Missing validation of server certificates for outgoing connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.
network
high complexity
nextcloud CWE-295
7.4
2020-11-18 CVE-2020-28362 Improper Certificate Validation vulnerability in multiple products
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
network
low complexity
golang fedoraproject netapp CWE-295
7.5
2020-11-06 CVE-2020-27589 Improper Certificate Validation vulnerability in Synopsys Hub-Rest-Api-Python
Synopsys hub-rest-api-python (aka blackduck on PyPI) versions 0.0.25 through 0.0.52 do not validate SSL certificates in certain cases.
network
low complexity
synopsys CWE-295
7.5