Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-15 | CVE-2021-43882 | Improper Certificate Validation vulnerability in Microsoft Defender for IOT Microsoft Defender for IoT Remote Code Execution Vulnerability | 9.8 |
| 2021-12-14 | CVE-2021-44549 | Improper Certificate Validation vulnerability in Apache Sling Commons Messaging Mail 1.0.0 Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. | 7.4 |
| 2021-12-14 | CVE-2021-42027 | Improper Certificate Validation vulnerability in Siemens Sinumerik Edge A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). | 7.4 |
| 2021-12-13 | CVE-2020-4496 | Improper Certificate Validation vulnerability in IBM Spectrum Protect Plus The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. | 5.9 |
| 2021-12-10 | CVE-2021-31747 | Improper Certificate Validation vulnerability in Pluck-Cms Pluck 4.7.15 Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks. | 4.8 |
| 2021-12-01 | CVE-2021-34599 | Improper Certificate Validation vulnerability in Codesys GIT Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. | 7.4 |
| 2021-11-23 | CVE-2021-40828 | Improper Certificate Validation vulnerability in Amazon products Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. | 8.8 |
| 2021-11-23 | CVE-2021-40829 | Improper Certificate Validation vulnerability in Amazon web Services Internet of Things Device Software Development KIT V2 Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. | 8.8 |
| 2021-11-23 | CVE-2021-40830 | Improper Certificate Validation vulnerability in Amazon products The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. | 8.8 |
| 2021-11-23 | CVE-2021-40831 | Improper Certificate Validation vulnerability in Amazon products The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. | 7.2 |