Vulnerabilities > Improper Verification of Cryptographic Signature
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-02 | CVE-2021-32738 | Improper Verification of Cryptographic Signature vulnerability in Stellar Js-Stellar-Sdk js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. | 6.5 |
2021-06-24 | CVE-2021-23992 | Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. | 4.3 |
2021-06-24 | CVE-2021-23993 | Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. | 6.5 |
2021-06-09 | CVE-2021-3196 | Improper Verification of Cryptographic Signature vulnerability in Hitachi ID Bravura Security Fabric 12.1.0 An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. | 8.8 |
2021-06-04 | CVE-2021-28091 | Improper Verification of Cryptographic Signature vulnerability in multiple products Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. | 7.5 |
2021-06-04 | CVE-2021-33054 | Improper Verification of Cryptographic Signature vulnerability in multiple products SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. | 7.5 |
2021-05-26 | CVE-2021-20487 | Improper Verification of Cryptographic Signature vulnerability in IBM products IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. | 9.1 |
2021-05-26 | CVE-2021-22160 | Improper Verification of Cryptographic Signature vulnerability in Apache Pulsar If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". | 9.8 |
2021-04-07 | CVE-2021-30246 | Improper Verification of Cryptographic Signature vulnerability in Jsrsasign Project Jsrsasign In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. | 9.1 |
2021-04-06 | CVE-2020-36285 | Improper Verification of Cryptographic Signature vulnerability in Unionpayintl Union PAY Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | 7.5 |