Vulnerabilities > Improper Verification of Cryptographic Signature

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2021-05-26 | CVE-2021-20487 | Improper Verification of Cryptographic Signature vulnerability in IBM products | IBM Power9 Self Boot Engine (SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. | ibm, CWE-347 | network, low complexity, critical 9.1 |
| 2021-05-26 | CVE-2021-22160 | Improper Verification of Cryptographic Signature vulnerability in Apache Pulsar | If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". | apache, CWE-347 | network, low complexity, critical 9.8 |
| 2021-04-07 | CVE-2021-30246 | Improper Verification of Cryptographic Signature vulnerability in Jsrsasign Project Jsrsasign | In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. | jsrsasign-project, CWE-347 | network, low complexity, critical 9.1 |
| 2021-04-06 | CVE-2020-36285 | Improper Verification of Cryptographic Signature vulnerability in Unionpayintl Union PAY | Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | unionpayintl, CWE-347 | network, low complexity, 7.5 |
| 2021-04-06 | CVE-2020-36284 | Improper Verification of Cryptographic Signature vulnerability in Unionpayintl Union PAY | Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | unionpayintl, CWE-347 | network, low complexity, 7.5 |
| 2021-04-06 | CVE-2020-23533 | Improper Verification of Cryptographic Signature vulnerability in Unionpayintl Union PAY | Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | unionpayintl, CWE-347 | network, low complexity, 7.5 |
| 2021-04-06 | CVE-2021-30130 | Improper Verification of Cryptographic Signature vulnerability in multiple products | phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. | phpseclib, debian, CWE-347 | network, low complexity, 7.5 |
| 2021-03-24 | CVE-2021-1375 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE | Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. | cisco, CWE-347 | local, low complexity, 6.7 |
| 2021-03-08 | CVE-2020-23967 | Improper Verification of Cryptographic Signature vulnerability in Drweb Security Space 11.0/12.0 | Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate. | drweb, CWE-347 | local, low complexity, 7.8 |
| 2021-02-10 | CVE-2021-3033 | Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Prisma Cloud | An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. | paloaltonetworks, CWE-347 | network, low complexity, critical 9.8 |