Latest Improper Verification of Cryptographic Signature Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-14515 CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. 0.0
2020-08-24 CVE-2020-13101 Improper Verification of Cryptographic Signature vulnerability in Oasis-Open Oasis Digital Signature Services 1.0
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used.
network
low complexity
oasis-open
CWE-347
5.0
2020-08-17 CVE-2020-1464 Improper Verification of Cryptographic Signature vulnerability in Microsoft products
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.
local
low complexity
microsoft
CWE-347
2.1
2020-08-08 CVE-2020-15827 Improper Verification of Cryptographic Signature vulnerability in Jetbrains Toolbox 1.17/1.17.6802
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.
network
low complexity
jetbrains
CWE-347
5.0
2020-07-30 CVE-2020-15957 Improper Verification of Cryptographic Signature vulnerability in Dp3T-Backend-Software Development KIT Project Dp3T-Backend-Software Development KIT
An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T).
5.0
2020-07-29 CVE-2020-15705 Improper Verification of Cryptographic Signature vulnerability in multiple products
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed.
4.4
2020-07-24 CVE-2020-10608 Improper Verification of Cryptographic Signature vulnerability in Osisoft products
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries.
local
low complexity
osisoft
CWE-347
4.6
2020-07-21 CVE-2016-7064 Improper Verification of Cryptographic Signature vulnerability in Pritunl Pritunl-Client
A flaw was found in pritunl-client before version 1.0.1116.6.
5.0
2020-07-09 CVE-2020-15093 Improper Verification of Cryptographic Signature vulnerability in Amazon Tough
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures.
5.0
2020-07-06 CVE-2020-9226 Improper Verification of Cryptographic Signature vulnerability in Huawei P30 Firmware
HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability.
4.3