Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-09 | CVE-2021-43572 | Improper Verification of Cryptographic Signature vulnerability in Starkbank Ecdsa-Python The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | 9.8 |
| 2021-11-05 | CVE-2021-39909 | Improper Verification of Cryptographic Signature vulnerability in Gitlab Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances | 5.3 |
| 2021-10-27 | CVE-2021-37127 | Improper Verification of Cryptographic Signature vulnerability in Huawei products There is a signature management vulnerability in some huawei products. | 7.2 |
| 2021-10-11 | CVE-2021-41830 | Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. | 7.5 |
| 2021-10-11 | CVE-2021-41831 | Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice It is possible for an attacker to manipulate the timestamp of signed documents. | 5.3 |
| 2021-10-11 | CVE-2021-41832 | Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. | 7.5 |
| 2021-09-22 | CVE-2021-31841 | Improper Verification of Cryptographic Signature vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3 A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. | 7.3 |
| 2021-09-22 | CVE-2021-37927 | Improper Verification of Cryptographic Signature vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. | 9.8 |
| 2021-09-09 | CVE-2021-34708 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XR Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. | 6.7 |
| 2021-09-09 | CVE-2021-34709 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XR Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. | 6.4 |