Vulnerabilities > Improper Verification of Cryptographic Signature

DATE CVE VULNERABILITY TITLE RISK
2021-12-13 CVE-2020-16156 Improper Verification of Cryptographic Signature vulnerability in multiple products
CPAN 2.28 allows Signature Verification Bypass.
local
low complexity
perl fedoraproject CWE-347
7.8
2021-12-13 CVE-2020-16154 Improper Verification of Cryptographic Signature vulnerability in multiple products
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
local
low complexity
app fedoraproject CWE-347
7.8
2021-11-17 CVE-2021-0152 Improper Verification of Cryptographic Signature vulnerability in Intel products
Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
local
low complexity
intel CWE-347
5.5
2021-11-11 CVE-2021-34420 Improper Verification of Cryptographic Signature vulnerability in Zoom Client for Meetings
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions.
network
low complexity
zoom CWE-347
7.4
2021-11-09 CVE-2021-43568 Improper Verification of Cryptographic Signature vulnerability in Starkbank Elixir Ecdsa 1.0.0
The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
network
low complexity
starkbank CWE-347
critical
9.8
2021-11-09 CVE-2021-43569 Improper Verification of Cryptographic Signature vulnerability in Starkbank Ecdsa-Dotnet 1.3.2
The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
network
low complexity
starkbank CWE-347
critical
9.8
2021-11-09 CVE-2021-43570 Improper Verification of Cryptographic Signature vulnerability in Starkbank Ecdsa-Java 1.0.0
The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
network
low complexity
starkbank CWE-347
critical
9.8
2021-11-09 CVE-2021-43571 Improper Verification of Cryptographic Signature vulnerability in Starkbank Ecdsa-Node 1.1.2
The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
network
low complexity
starkbank CWE-347
critical
9.8
2021-11-09 CVE-2021-43572 Improper Verification of Cryptographic Signature vulnerability in Starkbank Ecdsa-Python
The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
network
low complexity
starkbank CWE-347
critical
9.8
2021-11-05 CVE-2021-39909 Improper Verification of Cryptographic Signature vulnerability in Gitlab
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances
network
high complexity
gitlab CWE-347
5.3