Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-40592 | Improper Verification of Cryptographic Signature vulnerability in Fortinet Forticlient An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process. | 6.7 |
| 2024-11-12 | CVE-2024-49394 | Improper Verification of Cryptographic Signature vulnerability in multiple products In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. | 5.3 |
| 2024-11-12 | CVE-2024-49393 | Improper Verification of Cryptographic Signature vulnerability in multiple products In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality. | 5.9 |
| 2024-10-10 | CVE-2024-9487 | Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. | 9.1 |
| 2024-10-10 | CVE-2024-48949 | Improper Verification of Cryptographic Signature vulnerability in Indutny Elliptic The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. | 9.1 |
| 2024-09-28 | CVE-2024-23960 | Improper Verification of Cryptographic Signature vulnerability in Alpsalpine Ilx-F509 Firmware 6.0.000 Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. | 4.6 |
| 2024-09-19 | CVE-2024-8698 | A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. | 7.7 |
| 2024-09-17 | CVE-2024-7788 | Improper Verification of Cryptographic Signature vulnerability in Libreoffice Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5. | 7.8 |
| 2024-08-20 | CVE-2024-6800 | Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. | 9.8 |
| 2024-08-06 | CVE-2023-28806 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. | 6.5 |