Vulnerabilities > Improper Certificate Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-07 | CVE-2020-11050 | Improper Certificate Validation vulnerability in Java-Websocket Project Java-Websocket In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. | 6.8 |
| 2020-05-06 | CVE-2020-2187 | Improper Certificate Validation vulnerability in Jenkins Amazon EC2 Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. | 5.6 |
| 2020-05-05 | CVE-2020-12144 | Improper Certificate Validation vulnerability in Silver-Peak products The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. | 4.9 |
| 2020-05-05 | CVE-2020-12143 | Improper Certificate Validation vulnerability in Silver-Peak products The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. | 4.9 |
| 2020-04-29 | CVE-2019-19101 | Improper Certificate Validation vulnerability in Br-Automation Automation Studio A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server. | 4.3 |
| 2020-04-27 | CVE-2020-1952 | Improper Certificate Validation vulnerability in Apache Iotdb An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. | 7.5 |
| 2020-04-27 | CVE-2020-9488 | Improper Certificate Validation vulnerability in multiple products Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. | 3.7 |
| 2020-04-23 | CVE-2020-5864 | Improper Certificate Validation vulnerability in F5 Nginx Controller In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default. | 5.8 |
| 2020-04-23 | CVE-2020-11806 | Improper Certificate Validation vulnerability in Mailstore Server In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server. | 4.3 |
| 2020-04-15 | CVE-2020-11792 | Improper Certificate Validation vulnerability in Netgear products NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. | 5.0 |