Vulnerabilities > Improper Verification of Cryptographic Signature

DATE CVE VULNERABILITY TITLE RISK
2021-11-09 CVE-2021-43570 Improper Verification of Cryptographic Signature vulnerability in Starkbank Ecdsa-Java 1.0.0
The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
network
low complexity
starkbank CWE-347
7.5
2021-11-09 CVE-2021-43571 Improper Verification of Cryptographic Signature vulnerability in Starkbank Ecdsa-Node 1.1.2
The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
network
low complexity
starkbank CWE-347
7.5
2021-11-09 CVE-2021-43572 Improper Verification of Cryptographic Signature vulnerability in Starkbank Ecdsa-Python
The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
network
low complexity
starkbank CWE-347
7.5
2021-11-05 CVE-2021-39909 Improper Verification of Cryptographic Signature vulnerability in GitLab
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass the CODEOWNERS Merge Request approval requirement under rare circumstances.
network
high complexity
gitlab CWE-347
5.3
2021-10-27 CVE-2021-37127 Improper Verification of Cryptographic Signature vulnerability in Huawei products
There is a signature management vulnerability in some Huawei products.
network
low complexity
huawei CWE-347
critical
9.0
2021-10-11 CVE-2021-41830 Improper Verification of Cryptographic Signature vulnerability in Apache OpenOffice
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source.
network
low complexity
apache CWE-347
7.5
2021-10-11 CVE-2021-41831 Improper Verification of Cryptographic Signature vulnerability in Apache OpenOffice
It is possible for an attacker to manipulate the timestamp of signed documents.
network
low complexity
apache CWE-347
5.3
2021-10-11 CVE-2021-41832 Improper Verification of Cryptographic Signature vulnerability in Apache OpenOffice
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source.
network
low complexity
apache CWE-347
7.5
2021-10-01 CVE-2021-29108 Improper Verification of Cryptographic Signature vulnerability in Esri Portal for ArcGIS
There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack).
network
low complexity
esri CWE-347
8.8
2021-09-22 CVE-2021-31841 Improper Verification of Cryptographic Signature vulnerability in McAfee Agent 5.0.0/5.6.6/5.7.3
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location.
local
low complexity
mcafee CWE-347
7.3