CWE-295— Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.— MITRE CWE catalog
1,227 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-295page 12 of 25
- CVE-2021-3898MEDIUMCVSS 6.8EG 6.52022-04-22
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker.
- CVE-2021-3935HIGHCVSS 8.1EG 8.12021-11-22
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affe…
- CVE-2021-39358MEDIUMCVSS 5.9EG 5.92021-08-22
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
- CVE-2021-39359MEDIUMCVSS 5.9EG 5.92021-08-22
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
- CVE-2021-39360MEDIUMCVSS 5.9EG 5.92021-08-22
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
- CVE-2021-39361MEDIUMCVSS 5.9EG 5.92021-08-22
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
- CVE-2021-39365MEDIUMCVSS 5.9EG 5.92021-08-22
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
- CVE-2021-40713MEDIUMCVSS 5.9EG 5.92021-09-27
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new cert…
- CVE-2021-40828MEDIUMCVSS 6.3EG 6.32021-11-23
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname dur…
- CVE-2021-40829MEDIUMCVSS 6.3EG 6.32021-11-23
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname duri…
- CVE-2021-40830MEDIUMCVSS 6.3EG 6.32021-11-23
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either fr…
- CVE-2021-40831MEDIUMCVSS 6.3EG 6.32021-11-23
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been…
- CVE-2021-40855CRITICALCVSS 9.8EG 9.82022-01-21
The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production.
- CVE-2021-41019LOWCVSS 3.5EG 3.52021-11-02
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, su…
- CVE-2021-41028HIGHCVSS 8.2EG 8.22021-12-16
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and Fo…
- CVE-2021-41611HIGHCVSS 7.5EG 7.52021-10-18
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security t…
- CVE-2021-42017MEDIUMCVSS 5.9EG 5.92022-03-08
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC838…
- CVE-2021-42027HIGHCVSS 7.4EG 7.42021-12-14
A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity b…
- CVE-2021-43114HIGHCVSS 7.5EG 7.52021-11-09
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation.
- CVE-2021-43766HIGHCVSS 8.1EG 8.12022-08-25
Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first…
- CVE-2021-43767MEDIUMCVSS 5.9EG 5.92022-08-25
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-mi…
- CVE-2021-43882CRITICALCVSS 9.0EG 9.82021-12-15
Microsoft Defender for IoT Remote Code Execution Vulnerability
- CVE-2021-44273HIGHCVSS 7.4EG 7.42021-12-23
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, di…
- CVE-2021-44531HIGHCVSS 7.4EG 7.42022-02-24
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was …
- CVE-2021-44532MEDIUMCVSS 5.3EG 5.32022-02-24
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject…
- CVE-2021-44533MEDIUMCVSS 5.3EG 5.32022-02-24
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpr…
- CVE-2021-44549HIGHCVSS 7.4EG 7.42021-12-14
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when access…
- CVE-2021-45035MEDIUMCVSS 6.3EG 5.92022-09-23
Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.
- CVE-2021-45490CRITICALCVSS 9.1EG 9.12022-03-28
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
- CVE-2021-46880CRITICALCVSS 9.8EG 9.82023-04-15
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
- CVE-2022-0123MEDIUMCVSS 5.9EG 6.82022-03-28
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform…
- CVE-2022-0759HIGHCVSS 8.1EG 8.12022-03-25
A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubecli…
- CVE-2022-1197MEDIUMCVSS 5.4EG 5.42022-12-22
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that…
- CVE-2022-1343MEDIUMCVSS 5.3EG 5.32022-05-03
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case wh…
- CVE-2022-1632MEDIUMCVSS 6.5EG 6.52022-09-01
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to e…
- CVE-2022-1805HIGHCVSS 8.1EG 8.12022-07-28
When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and A…
- CVE-2022-1834MEDIUMCVSS 6.5EG 6.52022-12-22
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email mess…
- CVE-2022-20034MEDIUMCVSS 6.8EG 6.82022-02-09
In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution…
- CVE-2022-20071MEDIUMCVSS 6.7EG 6.72022-04-11
In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID…
- CVE-2022-20081MEDIUMCVSS 5.9EG 5.92022-04-11
In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation…
- CVE-2022-20703CRITICALCVSS 10.0EG 10.0⚠ KEV2022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20813CRITICALCVSS 9.0EG 5.92022-07-06
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byt…
- CVE-2022-20814HIGHCVSS 7.4EG 7.42024-11-15
A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to …
- CVE-2022-20860HIGHCVSS 7.4EG 7.42022-07-21
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL…
- CVE-2022-20960HIGHCVSS 7.5EG 7.52022-11-04
A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper …
- CVE-2022-21170LOWCVSS 3.7EG 3.72022-03-10
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a re…
- CVE-2022-21654HIGHCVSS 7.4EG 7.42022-02-22
Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to en…
- CVE-2022-21656HIGHCVSS 7.4EG 7.42022-02-22
Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjec…
- CVE-2022-21657MEDIUMCVSS 6.8EG 6.82022-02-22
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those ce…
- CVE-2022-21836HIGHCVSS 7.8EG 7.82022-01-11
Windows Certificate Spoofing Vulnerability
Map vulnerabilities like CWE-295 to your infrastructure
EchelonGraph correlates every CVE — across CWE-295 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →