Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2022-24968 | Improper Certificate Validation vulnerability in Mellium Xmpp In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. | 5.9 |
| 2022-02-10 | CVE-2022-20703 | Improper Certificate Validation vulnerability in Cisco products Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | 8.0 |
| 2022-02-09 | CVE-2022-20034 | Improper Certificate Validation vulnerability in Google Android 11.0 In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. | 6.8 |
| 2022-02-09 | CVE-2022-24319 | Improper Certificate Validation vulnerability in Schneider-Electric products A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. | 5.9 |
| 2022-02-09 | CVE-2022-24320 | Improper Certificate Validation vulnerability in Schneider-Electric products A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. | 5.9 |
| 2022-02-04 | CVE-2021-21959 | Improper Certificate Validation vulnerability in Sealevel Seaconnect 370W Firmware 1.3.34 A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. | 8.1 |
| 2022-01-21 | CVE-2021-40855 | Improper Certificate Validation vulnerability in Europa Technical Specifications for Digital Covid Certificates 1.0 The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. | 9.8 |
| 2022-01-11 | CVE-2022-21836 | Improper Certificate Validation vulnerability in Microsoft products Windows Certificate Spoofing Vulnerability | 7.8 |
| 2021-12-23 | CVE-2021-44273 | Improper Certificate Validation vulnerability in E2Bn E2Guardian e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. | 7.4 |
| 2021-12-16 | CVE-2021-41028 | Improper Certificate Validation vulnerability in Fortinet products A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. | 7.5 |