Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-23 | CVE-2021-40829 | Improper Certificate Validation vulnerability in Amazon web Services Internet of Things Device Software Development KIT V2 Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. | 8.8 |
| 2021-11-23 | CVE-2021-40830 | Improper Certificate Validation vulnerability in Amazon products The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. | 8.8 |
| 2021-11-23 | CVE-2021-40831 | Improper Certificate Validation vulnerability in Amazon products The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. | 7.2 |
| 2021-11-22 | CVE-2021-3935 | Improper Certificate Validation vulnerability in multiple products When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. | 8.1 |
| 2021-11-18 | CVE-2021-23155 | Improper Certificate Validation vulnerability in Gallagher Command Centre Mobile Client Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. | 6.8 |
| 2021-11-18 | CVE-2021-23162 | Improper Certificate Validation vulnerability in Gallagher Command Centre Mobile Connect Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. | 8.1 |
| 2021-11-18 | CVE-2021-23167 | Improper Certificate Validation vulnerability in Gallagher Command Centre Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. | 6.8 |
| 2021-11-16 | CVE-2021-26320 | Improper Certificate Validation vulnerability in AMD products Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP | 5.5 |
| 2021-11-02 | CVE-2021-41019 | Improper Certificate Validation vulnerability in Fortinet Fortios An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials. | 6.5 |
| 2021-11-02 | CVE-2021-29737 | Improper Certificate Validation vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. | 7.5 |