Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-Q4WW-5C58-73PX

Vulnerability from github – Published: 2025-06-06 18:30 – Updated: 2025-06-18 18:30
VLAI
Details

An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system.

We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29883"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-06T16:15:25Z",
    "severity": "HIGH"
  },
  "details": "An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nFile Station 5 5.5.6.4791 and later\n  and later",
  "id": "GHSA-q4ww-5c58-73px",
  "modified": "2025-06-18T18:30:32Z",
  "published": "2025-06-06T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29883"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-25-09"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q537-77J4-XV6X

Vulnerability from github – Published: 2021-12-11 00:00 – Updated: 2021-12-15 00:01
VLAI
Details

Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31747"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-10T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.",
  "id": "GHSA-q537-77j4-xv6x",
  "modified": "2021-12-15T00:01:30Z",
  "published": "2021-12-11T00:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31747"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pluck-cms/pluck/issues/101"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q57H-78H9-M59J

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43
VLAI
Details

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-05T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.",
  "id": "GHSA-q57h-78h9-m59j",
  "modified": "2022-05-24T17:43:47Z",
  "published": "2022-05-24T17:43:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27257"
    },
    {
      "type": "WEB",
      "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-264"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q5M9-8685-C94F

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37
VLAI
Details

Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} return false;" code block.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-16281"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-30T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Ptarmigan before 0.2.3 lacks API token validation, e.g., an \"if (token === apiToken) {return true;} return false;\" code block.",
  "id": "GHSA-q5m9-8685-c94f",
  "modified": "2022-05-24T17:37:34Z",
  "published": "2022-05-24T17:37:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16281"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nayutaco/ptarmigan/commit/37fd8f9da3bab9d323ddd77f2fd20b6dde8bcf6c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nayutaco/ptarmigan/compare/v0.2.2...v0.2.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nayutaco/ptarmigan/releases/tag/v0.2.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q5RR-6J45-R8GX

Vulnerability from github – Published: 2026-01-01 00:31 – Updated: 2026-01-01 00:31
VLAI
Details

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-69412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-01T00:15:40Z",
    "severity": "LOW"
  },
  "details": "KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.",
  "id": "GHSA-q5rr-6j45-r8gx",
  "modified": "2026-01-01T00:31:26Z",
  "published": "2026-01-01T00:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69412"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KDE/messagelib/commit/01adef0482bb3d5c817433db5208620c84a992b3"
    },
    {
      "type": "WEB",
      "url": "https://developers.google.com/safe-browsing/v4"
    },
    {
      "type": "WEB",
      "url": "https://developers.google.com/safe-browsing/v4/lookup-api"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KDE/messagelib/compare/v25.11.80...v25.11.90"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5W9-M93H-R979

Vulnerability from github – Published: 2022-09-13 00:00 – Updated: 2022-09-16 00:00
VLAI
Details

FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-12T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "FreshService macOS Agent \u003c 4.4.0 and FreshServce Linux Agent \u003c 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.",
  "id": "GHSA-q5w9-m93h-r979",
  "modified": "2022-09-16T00:00:40Z",
  "published": "2022-09-13T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36173"
    },
    {
      "type": "WEB",
      "url": "https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent"
    },
    {
      "type": "WEB",
      "url": "https://public-exposure.inform.social/post/integrity-checking"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5WF-J98C-FR46

Vulnerability from github – Published: 2024-02-07 18:30 – Updated: 2025-11-04 00:30
VLAI
Details

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-07T17:15:08Z",
    "severity": "HIGH"
  },
  "details": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server.  IBM X-Force ID:  254977.",
  "id": "GHSA-q5wf-j98c-fr46",
  "modified": "2025-11-04T00:30:46Z",
  "published": "2024-02-07T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32330"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254977"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7106586"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Nov/0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q669-PQ4M-XJP2

Vulnerability from github – Published: 2022-05-14 03:16 – Updated: 2022-05-14 03:16
VLAI
Details

The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0591"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-14T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
  "id": "GHSA-q669-pq4m-xjp2",
  "modified": "2022-05-14T03:16:45Z",
  "published": "2022-05-14T03:16:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0591"
    },
    {
      "type": "WEB",
      "url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN83671755"
    },
    {
      "type": "WEB",
      "url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6CQ-M9GM-6Q2F

Vulnerability from github – Published: 2022-12-25 06:30 – Updated: 2024-10-23 18:34
VLAI
Summary
Slixmpp lacks SSL Certificate hostname validation in XMLStream
Details

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "slixmpp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-45197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-30T17:12:05Z",
    "nvd_published_at": "2022-12-25T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.",
  "id": "GHSA-q6cq-m9gm-6q2f",
  "modified": "2024-10-23T18:34:22Z",
  "published": "2022-12-25T06:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45197"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/poezio/slixmpp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py"
    },
    {
      "type": "WEB",
      "url": "https://github.com/poezio/slixmpp/tags"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/slixmpp/PYSEC-2022-43013.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa"
    },
    {
      "type": "WEB",
      "url": "https://lab.louiz.org/poezio/slixmpp/-/commits/master"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Slixmpp lacks SSL Certificate hostname validation in XMLStream"
}

GHSA-Q6H4-2HJC-M9FW

Vulnerability from github – Published: 2022-05-17 02:39 – Updated: 2025-04-20 03:39
VLAI
Details

The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9598"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-16T12:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The \"Morton Credit Union Mobile Banking\" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
  "id": "GHSA-q6h4-2hjc-m9fw",
  "modified": "2025-04-20T03:39:14Z",
  "published": "2022-05-17T02:39:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9598"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.