Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-295

CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,400 vulnerabilities with CWE-295

CVE-2022-25243 MEDIUM

Vault 1.8.0-1.8.8 and 1.9.3 - Improper Certificate Validation in PKI Secrets Engine

CVE-2022-21170 LOW

DAJ I-filter Browser & Cloud Multiagent < 4.93r04 - Improper Certificate Validation

CVE-2022-22946 MEDIUM

Spring Cloud Gateway - Improper Certificate Validation

CVE-2022-25640 HIGH

wolfssl < 5.2.0 - Improper Certificate Validation

CVE-2022-25638 MEDIUM

wolfssl < 5.2.0 - Certificate Validation Bypass via TLS 1.3 sig_algo Field Mismatch

CVE-2022-21657 MEDIUM

envoyproxy/envoy < 1.18.6 - Improper Certificate Validation

CVE-2022-21656 HIGH

envoyproxy/envoy < 1.20.2 - Improper Certificate Validation via subjectAltNames Type Confusion

CVE-2022-21654 HIGH

Envoy 1.7.0-1.18.5 - Improper Certificate Validation in TLS Reuse

CVE-2022-23649 LOW

sigstore cosign < 1.5.2 - Improper Certificate Validation via Rekor Transparency Log Bypass

CVE-2022-23632 HIGH

Traefik < 2.6.1 - Improper Certificate Validation via FQDN Host Header

CVE-2022-22885 CRITICAL

Hutool < 5.7.19 - Improper Certificate Validation

CVE-2022-24968 MEDIUM

mellium/xmpp 0.18.0-0.21.0 - Improper Certificate Validation via DNS TXT Record Spoofing

CVE-2022-20703 CRITICAL KEV

Cisco RV Routers - Code Execution, Privilege, Auth Bypass, and DoS

CVE-2022-24320 MEDIUM

ClearSCADA, EcoStruxure Geo SCADA Expert - Info Disclosure

CVE-2022-24319 MEDIUM

ClearSCADA, EcoStruxure Geo SCADA Expert - Info Disclosure

CVE-2022-20034 MEDIUM

Preloader XFLASH - Privilege Escalation

CVE-2022-22156 MEDIUM

Juniper Networks Junos OS - Privilege Escalation

CVE-2022-21836 HIGH

Windows - Certificate Spoofing via Improper Certificate Validation

CVE-2021-25635 MEDIUM

LibreOffice 7.0.0-7.0.5 - Improper Certificate Validation in ODF Document Signatures

CVE-2021-46880 CRITICAL

LibreSSL <3.4.2/OpenBSD <7.0 - Auth Bypass

CVE-2021-21548 HIGH

Dell EMC Unisphere for PowerMax < 9.1.0.27 - Unauthenticated Man-in-the-Middle via Improper Certificate Validation

CVE-2021-45035 MEDIUM

Velneo vClient 28.1.3 - Improper Certificate Validation

CVE-2021-43767 MEDIUM

PostgreSQL 9.6.0-9.6.23 - Improper Certificate Validation

CVE-2021-43766 HIGH

Odyssey - SQL Injection via Man-in-the-Middle Attack on Certificate Common Name Authentication

CVE-2021-29755 HIGH

IBM QRadar SIEM 7.3-7.5 - Improper Certificate Validation

Previous Page 26 of 56 Next

Details

Vulnerabilities 1,400

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy