Vulnerabilities > Improper Verification of Cryptographic Signature

DATE CVE VULNERABILITY TITLE RISK
2021-07-02 CVE-2021-32738 Improper Verification of Cryptographic Signature vulnerability in Stellar Js-Stellar-Sdk
js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server.
network
low complexity
stellar CWE-347
6.5
2021-06-24 CVE-2021-23992 Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature.
network
low complexity
mozilla CWE-347
4.3
2021-06-24 CVE-2021-23993 Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent.
network
low complexity
mozilla CWE-347
6.5
2021-06-09 CVE-2021-3196 Improper Verification of Cryptographic Signature vulnerability in Hitachi ID Bravura Security Fabric 12.1.0
An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0.
network
low complexity
hitachi CWE-347
8.8
2021-06-04 CVE-2021-28091 Improper Verification of Cryptographic Signature vulnerability in multiple products
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
network
low complexity
entrouvert debian fedoraproject CWE-347
7.5
2021-06-04 CVE-2021-33054 Improper Verification of Cryptographic Signature vulnerability in multiple products
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives.
network
low complexity
inverse debian CWE-347
7.5
2021-05-26 CVE-2021-20487 Improper Verification of Cryptographic Signature vulnerability in IBM products
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.
network
low complexity
ibm CWE-347
critical
9.1
2021-05-26 CVE-2021-22160 Improper Verification of Cryptographic Signature vulnerability in Apache Pulsar
If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none".
network
low complexity
apache CWE-347
critical
9.8
2021-04-07 CVE-2021-30246 Improper Verification of Cryptographic Signature vulnerability in Jsrsasign Project Jsrsasign
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid.
network
low complexity
jsrsasign-project CWE-347
critical
9.1
2021-04-06 CVE-2020-36285 Improper Verification of Cryptographic Signature vulnerability in Unionpayintl Union PAY
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
network
low complexity
unionpayintl CWE-347
7.5